Oral
Answers to
Questions

Scotland

The Secretary of State was asked—

Food Supply Chains

Christine Jardine: What discussions he has had with Cabinet colleagues on food supply chains in Scotland.

John Lamont: This Government want to ensure that farmers and food producers get a fair price for their products by tackling unfairness that exists in food supply chains. We are currently pursuing contractual reform in the dairy and pork sectors and we have a new review of the egg sector. This will ensure resilience and fair supply chains across the country.

Christine Jardine: My constituents in Edinburgh West, like so many others across the country, are finding it increasingly difficult to source affordable nutritious food. The situation has been made worse by flooding in Scotland and by international pressures such as the war in Ukraine, energy prices and Brexit. There are enterprises such as Lauriston Farm in my community that can provide good local food. What are the Government doing to support projects such as those and to offset the impact on our food producers of the recent flooding?

John Lamont: I recognise the points that the hon. Lady makes about the pressures on the food supply chain. The UK Government are closely monitoring the impact on the agricultural sector of the flooding caused by storms and we are working with the Environment Agency to resolve that. The Department for Environment, Food and Rural Affairs can provide financial assistance to the farming sector to cover uninsurable losses incurred as a result of exceptional flooding by activating the farming recovery fund. I would encourage the hon. Lady to contact the Under-Secretary of State for Environment, Food and Rural Affairs, my hon. Friend the Member for Keighley (Robbie Moore), the excellent new water Minister at DEFRA, for more information.

Lindsay Hoyle: I now come to the Shadow Minister and welcome him to his position.

Michael Shanks: Thank you, Mr Speaker. It is a pleasure to be here, although I have to say that there was not particularly stiff competition for the role from Scotland.
Inflation might be slowly coming down, but food inflation in Scotland still stands at more than 10%, forcing families to choose between being able to eat or heat their home, or, given the increasing levels of destitution, neither. Thousands of people in Scotland are turning to food banks not as a one-off last resort but as a means of getting by week after week. It is clear that both our Governments should be working together much better to tackle this, so what specific steps will the Minister take to work with the Scottish Government and the food industry to ensure that food prices do not continue to rise at unaffordable rates? Does he really believe that the autumn statement will give families any confidence that the Government understand how difficult it is for people in Scotland right now?

John Lamont: I welcome the hon. Member to his new position. I recognise the points he makes about stiff competition, but nonetheless I very much welcome him.
This Government are absolutely committed to tackling the rising prices that households are facing, which is why the Prime Minister has an absolute focus on reducing the levels of inflation, but the hon. Member is right to say that both Governments should be working together to alleviate pressures on household budgets. This Government have demonstrated that through the huge support that has been put in place to support households with energy prices, and through other measures to ensure that financial help is in place to support hard-pressed households.

Post Office Branch Closures

Jamie Stone: What discussions he has had with Cabinet colleagues on the potential impact of post office branch closures on the delivery of Government services in Scotland.

Richard Foord: What discussions he has had with Cabinet colleagues on the potential impact of post office branch closures on the delivery of Government services in Scotland.

John Lamont: The United Kingdom Government continue to provide significant support to the national post office network, adding up to more than £2.4 billion over the last 10 years. This funding enabled 98% of individuals in rural areas to live within three miles of their nearest post office in 2022, with the overall network as large today as it has been for five years.

Jamie Stone: Our rural branches of the post office are at the very core, the very heart, of our rural communities. At present, His Majesty’s Government provide certain services to the public via the post office network. Does the Minister agree that it would be a good notion to encourage the Scottish Government to go down the same route and provide as many services as possible in that way, thus ensuring the future of those branches?

John Lamont: I agree with the hon. Member. I recognise the vital importance of post offices for constituents in rural communities such as his own and also in my own constituency in the Scottish Borders. It is of course for the Scottish Government to assess how to make their services available to people across Scotland, considering  accessibility as well as value for money for the taxpayer. However, I would be happy to facilitate a meeting with my colleagues in the Department for Business and Trade to see what further encouragement we could give the Scottish Government to use the post office network for the delivery of their services.

Richard Foord: Scotland has seen the closure of 40 post offices in the past two years, yet as the hon. Member for Caithness, Sutherland and Easter Ross (Jamie Stone) pointed out, the communities that still have post offices are losing access to Government services, particularly in rural areas. Driver and Vehicle Licensing Agency services are due to cease being available at post offices from the end of next March. What conversations has the Minister had with the Department for Business and Trade about keeping DVLA services available from post offices?

John Lamont: I should start by correcting the hon. Gentleman in that the post office network is not in decline. More post offices have been opened than closed over the past year. We do see fluctuations in different parts of the country, with many postmasters running a franchise business in their own right. Many face the same challenges as other high street businesses. The DVLA and the Post Office extended their contract until 31 March 2024. The post office network operates commercially at arm’s length from the Government and is responsible for taking decisions on commercial matters such as the DVLA contract.

Devolution in Scotland

Chris Law: What assessment he has made of the state of devolution in Scotland.

Stewart McDonald: What assessment he has made of the state of devolution in Scotland.

Alister Jack: With devolved powers, the Scottish Government can tailor policy in areas such as health, education and justice, as well as in tax and welfare through additional powers in the Scotland Act 2016. The UK Government are working with local government and local partners to deliver on their needs and wishes. That is real devolution in action.

Chris Law: Climate change talks at COP28 begin tomorrow, and one of the most important issues to be agreed is the climate loss and damage fund. The Secretary of State will know that Scotland has led the way on that, becoming the first country in the global north to pledge financial support to address loss and damage, but he and his Conservative colleagues are intent on limiting the Scottish Government’s international engagement. Can he tell me why he wants to silence Scotland’s voice and prevent us from providing that global leadership?

Alister Jack: It is very straightforward. We understand that there will be environmental engagement overseas by the Scottish Government, and that is a devolved matter. What we have tried get a grip on is the Scottish Government travelling overseas, meeting Ministers,  discussing reserved areas such as constitutional affairs and foreign affairs, and straying away from the portfolio of matters that are devolved to them. That is our position.

Stewart McDonald: It is obvious that in order to cement a sense of economic resilience Scotland requires a population growth strategy, but the devolution settlement, unfit as it is, will not come anywhere near that, and the Government continue to set their face against it. Can the Secretary of State explain why?

Alister Jack: If the Scottish Government want more people to settle in Scotland—and immigration is at a record high—they need to build more housing, have lower taxes and better public services, and make Scotland more attractive to people.

David Mundell: Does my right hon. Friend share my disappointment that the SNP-Green Scottish Government continue to use the devolution settlement as a platform to pursue constitutional grievances? In reality, would not achieving the best outcome for the people of Scotland and our constituents mean the two Governments working together on a project, for example the A75? If the Governments work together, that will actually be delivered.

Alister Jack: I absolutely agree with my right hon. Friend. The A75, along with the A77, came up as a vital route in the Union connectivity review by Lord Hendy of Richmond Hill—Sir Peter Hendy as he was at the time. We are finally working with the Scottish Government, and the UK Government are funding a feasibility study for the upgrade of the A75. I am delighted that progress is being made.

Sally-Ann Hart: Is it not the case that the Scottish Government have consistently strayed outside the limits of the devolution settlements, so it is very difficult to take the SNP seriously as a defender of devolution when it has so little respect for the current settlement?

Alister Jack: My hon. Friend is right. Everyone forgets that the Scottish Government get up every day and go to work to destroy devolution and the United Kingdom. The defenders of devolution and the strengtheners of the United Kingdom are this Government.

Lindsay Hoyle: I call the shadow Secretary of State.

Ian Murray: Let me take this opportunity to congratulate my hon. Friend the Member for Rutherglen and Hamilton West (Michael Shanks) not only on his vast—and fast—promotion to the shadow Front Bench but on the 20.4% swing from the SNP that brought him the by-election victory.
The announcement of the closure of the refinery at Grangemouth is a hammer blow. Too many communities are still living with the devastation of being left behind after coalmine closures in the 1980s. That must not be allowed to happen again. Grangemouth’s owner is buying football clubs and investing in plants elsewhere, while the workers lose out. The Prime Minister has decided that a culture war on the environment trumps getting the UK into the global green energy race by backing  Labour’s green energy superpower plans. The devolution settlement demands that both Governments work together, but they certainly do not. What discussions is the Secretary of State having with the Scottish Government to protect jobs at Grangemouth? What impact will the closure have on the Acorn carbon capture and storage project?

Alister Jack: First of all, it is a very worrying time for those whose jobs are at risk at the Grangemouth refinery. This morning, the Under-Secretary of State for Scotland, my hon. Friend the Member for Berwickshire, Roxburgh and Selkirk (John Lamont), and a Minister from the Department for Energy Security and Net Zero met Neil Gray from the Scottish Government, and yesterday my hon. Friend had a meeting with the local authority. Work is going on. It is ironic that the Scottish Government want to shut down oil and gas, because when that happens, people suddenly realise the need to manage a transition and take us gradually to net zero while protecting people’s livelihoods.
On Acorn and the Scottish cluster, I have spoken to the chief executive of Storegga, which is pulling the project together. He told me that the refinery closing has little impact on its project, because Grangemouth was supplying the blue hydrogen to the refinery and others, and the emissions from that were being put into the North sea.

Ian Murray: It is the 25th anniversary of the Scottish Parliament next year—one of the Labour party’s proudest achievements. However, recently it has been riven by failure and scandal, from one in seven on NHS waiting lists to ferries, iPads and camper vans. Much has been made about the dual role of the Government-appointed Lord Advocate, who sits in the Scottish Cabinet while presiding over prosecutions in Scotland. What discussions has the Secretary of State had with the Scottish Government about Anas Sarwar’s idea to split the dual role of Scotland’s top law officer, to maintain the separation of powers between the Government and the judiciary?

Alister Jack: As the hon. Gentleman will know, the Director of Public Prosecutions in England is appointed by a panel, which removes the risk of perceived interference by Government. Many learned friends have expressed their concerns to me about the structure in Scotland and the closeness between the judiciary and the Government, and I find their concerns understandable. It is vital that the public perception is that the prosecution service is very independent from Government.

Lindsay Hoyle: I call the Chair of the Scottish Affairs Committee.

Pete Wishart: I am sure the Secretary of State will agree that his mission to constrain and bypass the Scottish Parliament has been an absolute disaster for devolution. Relationships across the UK have never been as such a low level. Will he acknowledge that his version of aggressive Unionism has utterly failed? As he is leaving his office, will he pledge to abandon it entirely?

Alister Jack: I am not entirely sure what I have done that has been a failure, to be honest. This Government protect devolution and the settlement. If he is referring to the section 35 order that I used, that was in the  Scotland Act 1998 and was voted for at the time by SNP MPs. It is there to protect devolution when a devolved Administration legislates on Great Britain or UK matters.

Employment Law: Devolution

Martyn Day: If he will have discussions with Cabinet colleagues on the potential merits of devolving employment law to the Scottish Government.

Alister Jack: The UK Government have no intention of devolving legislative competence for employment rights to the Scottish Parliament. Employers and employees benefit hugely from a single, simple system where employment rights are the same across Great Britain, whether in Derby or Dundee. We do not see any benefit from changing that arrangement.

Martyn Day: Devolution of employment law is supported by the Scottish Trades Union Congress, the Trades Union Congress, workers’ rights groups, a majority in the Scottish Parliament and the public. It would benefit workers by having their Governments compete to give them better rights and preventing a race to the bottom. What is not to like? Why will the Secretary of State’s Government not consider it?

Alister Jack: I refer the hon. Gentleman to my original answer. We believe it is right to have a simple system that works across the United Kingdom, whether one is in Derby or Dundee.

Oliver Heald: Does the Secretary of State agree that to have different employment laws either side of the border of the two nations would be a mistake, because it would increase the regulatory burden on companies and deprive British companies of our excellent tribunal system?

Alister Jack: I completely agree with my right hon. and learned Friend, who absolutely makes the right arguments.

Scottish Work Visa Scheme

Douglas Chapman: If he will make an assessment with Cabinet colleagues of the potential merits of devolving the power to introduce a Scottish work visa scheme to the Scottish Government.

Brendan O'Hara: If he will make an assessment with Cabinet colleagues of the potential merits of devolving the power to introduce a Scottish work visa scheme to the Scottish Government.

Deidre Brock: If he will make an assessment with Cabinet colleagues of the potential merits of devolving the power to introduce a Scottish work visa scheme to the Scottish Government.

Alister Jack: The United Kingdom Government have introduced a single, flexible immigration system that works in the interest of the whole United Kingdom. A separate visa system would create an economic migration border  between Scotland and the rest of the UK, which would be harmful for employers and far less attractive for workers.

Douglas Chapman: Last week, the CBI conference raised the serious issue of a lack of people to do vital jobs that we need filling, especially in hospitality and food production. Both the Fraser of Allander Institute and the highlands MSP Kate Forbes have suggested localised worker visa solutions to boost the economy. Why is the Secretary of State not listening to those smart voices, and why is he not acting in the best interests of the Scottish economy?

Alister Jack: Because we have a specific Scottish occupation list for shortages, which gives us flexibility. The salary rate is set at £20,960. We believe that the best way is for stakeholder bodies to make representations to the Home Office to add to the shortage occupation list.

Brendan O'Hara: Five years ago, the Migration Advisory Committee said that the current system was failing remote communities. Recently published figures show that my Argyll and Bute constituency is suffering further depopulation, with the town of Rothesay on the Isle of Bute particularly badly affected. Despite overwhelming evidence to the contrary, the Government still insist that the current system delivers for all parts of the UK. Will the Secretary of State explain how a one-size-fits-all policy, simultaneous catering for the vastly different needs of densely populated urban areas and Argyll and Bute, can deliver equally for both?

Alister Jack: Argyll and Bute is a beautiful part of the United Kingdom, but what it lacks is infrastructure, public services and affordable housing, because the Scottish Government have failed in all those areas. What it also has, with the rest of Scotland, is the problem of being the highest-taxed part of the United Kingdom. That is the problem the Scottish Government have to address.

Deidre Brock: The UK Government said that post-Brexit domestic employment would fill labour gaps, but the executive director of UKHospitality Scotland has said that the gaps left by excluding EU workers have not been filled, leaving huge numbers of specialist vacancies, such as for chefs and managers. When will this Government accept reality and stop destroying Scotland’s economy in the name of a purist Brexit ideology?

Alister Jack: I think the hon. Lady lives in a parallel universe. We have the highest net migration to the UK since records began, far higher than when we were in the EU. As I say, if we want to attract people to Scotland, we must stop making it the highest-taxed part of the United Kingdom.

Kevin Foster: The Secretary of State has correctly identified that there are some who want to use immigration policy to enforce a hard border between England and Scotland as part of their aim to break up the Union. Does he agree, and in his assessment did he identify, that we need to ensure that immigration policy is not used as an alternative to offering the rewarding packages that key workers deserve?

Alister Jack: Absolutely. We are one United Kingdom. We have no physical border. It is important that we treat immigration equally across the whole United Kingdom and give everyone equal opportunity.

Lindsay Hoyle: I call the SNP spokesperson.

Tommy Sheppard: Let me be clear: we are talking about the administration of work permits for people from overseas who wish to work in Scotland on a temporary basis. Just about everyone thinks it would be better administered in Scotland, but the Secretary of State insists that it should be centralised by his Government in Westminster. His argument would be plausible if the UK demonstrated that it is managing the migration service well but, given the catastrophe that is the UK immigration system, when will he wake up and realise this would be better done in Scotland, by the people who live there?

Alister Jack: I point the hon. Gentleman to the seasonal agricultural workers scheme. That is 45,000 people, with the ability to flex it up to 55,000. Those people come to work in a flexible system across the United Kingdom, and it has proved to be a huge success.

Tommy Sheppard: The Secretary of State is standing against everyone. He is standing against experts, against academics, against representatives of industry and even against the people of Scotland, only 28% of whom think immigration is too high. More than six in 10 think more immigration would benefit the country. When is he going to stop being the Secretary of State against Scotland and be the Secretary of State for Scotland?

Alister Jack: It is good that the hon. Gentleman’s lines are written by Mike Russell. That is an old one, and not a very good one.
The reality is that Scotland is the most taxed part of the United Kingdom, which is not attractive for people to work there. We have the highest ever net migration. If the Scottish Government focus more on good public services, good infrastructure and lower taxation, hopefully those high net migration figures will see more people settle in Scotland.

Carbon Capture, Utilisation and Storage

Neale Hanvey: What recent discussions he has had with the Scottish Government on developing carbon capture, utilisation and storage in Scotland.

John Lamont: Carbon capture, utilisation and storage is a vital component of our journey to net zero. The Acorn project represents a huge opportunity for the north-east of Scotland. As would be expected for any multi-billion pound project, due diligence must now be followed.

Neale Hanvey: Under Westminster rule, Bathgate, Linwood, Methil and Irvine are all no more. Grangemouth now risks being added to that sorry list, and with it the hope of its developing carbon technologies. The Minister is quick to attack a Scottish Government with limited powers, but responsibility for the robbery and ruination  of Scotland’s energy sector, and the continued denial of substantial funding for carbon capture, rests squarely with the UK Government. What is his office doing to protect energy sector jobs and livelihoods in Scotland, and what is his Department’s excuse for utterly failing the people of Scotland?

John Lamont: I had the pleasure of meeting the Cabinet Secretary from the Scottish Government this morning, together with the leader of Falkirk Council, to discuss the situation at Grangemouth. The Scottish Government and the UK Government are working together, hand in hand, to protect as many jobs as possible. The Scottish cluster is expected to include at least one project located in Grangemouth, which is welcome news.

Productive Forestry Planting

Selaine Saxby: Whether his Department has had recent discussions with the Scottish Government on supporting productive forestry planting in Scotland.

John Lamont: I very much welcome this question, which is timely in National Tree Week. Reforestation is a crucial way for us all to reduce carbon emissions and improve biodiversity across the country. Although this policy is devolved, the UK Government continue to work with the devolved Administrations to deliver UK-wide change in tree planting and establishment.

Selaine Saxby: Conifers, which are the main species planted for productive forestry, account for just under half the area of UK woodland. Does my hon. Friend agree that there should now be a UK-wide target for 60% of new planting to be productive forestry, allowing Scotland to lead the way in delivering a secure supply of raw materials to support British manufacturing and construction?

John Lamont: I thank my hon. Friend for her excellent question. There are high ambitions across the United Kingdom to increase forestry planting. I agree that we must secure a steady supply of the raw materials needed to support Britain’s construction and manufacturing industries.

Jim Shannon: Last week—[Interruption.] I do not normally get such a cheer.
Last week, the Government announced that there will be a new national park and a new national forest in England. Do the Scottish Government, or the Minister, have any intention of doing something similar for Scotland?

John Lamont: There are great ambitions for an additional national park in Scotland, and my Scottish Conservative colleagues are pushing very hard for that. If the hon. Gentleman needs more information, he should please write to me. I will respond with the required detail.

Promoting Scotland's Interests Abroad

Mark Menzies: What recent discussions he has had with Cabinet colleagues on promoting Scotland’s interests abroad.

Alister Jack: The UK Government work tirelessly to promote Scottish interests around the world through our extensive diplomatic network, forging business links, and generating trade and investment. Our response to the Scottish Affairs Committee’s recent inquiry on Scotland’s international promotion highlights the extensive efforts we undertake to achieve this.

Mark Menzies: As one of the Prime Minister’s trade envoys, it is always my pleasure to be championing British business overseas. From whisky to satellites, Scotland is home to some of the UK’s most important exports. Will my right hon. Friend update the House on what work the Scotland Office is doing to support these important sectors in the international market?

Alister Jack: First, I thank my hon. Friend for his service as a trade envoy, and tell him that last month I had the pleasure of travelling to Vietnam to boost Scotland’s trade interests and celebrate diplomatic links. Vietnam already offers huge opportunities for Scottish businesses and in the light of the UK’s recent joining of the comprehensive and progressive agreement for trans-Pacific partnership—that is easy for you to say, Mr Speaker— I am keen to highlight further trading opportunities for Scottish businesses in the Indo-Pacific region.

Lindsay Hoyle: For the final question, I call Patrick Grady.

Patrick Grady: Will the Secretary of State clarify what he was saying earlier and whether he thinks it is legitimate for Scottish Government Ministers to be able to travel overseas to promote the work of the Scottish Government?

Alister Jack: I have always been very clear that Scottish Government Ministers can go overseas to promote areas that are devolved, but the reserved areas, such as the constitution and foreign affairs, are a matter for the UK Government and those Ministers should not be using our embassies and consulates to promote their plans for separation, or their different views on the middle east or anything else.

Lindsay Hoyle: Before we come to Prime Minister’s questions, let me remind Members of an important courtesy that we should all observe: giving notice to colleagues if we are visiting their constituencies on official business. Colleagues in Lancashire ought to think about that when they are going to others’ constituencies and let people know when they are doing so—I believe that did not happen on this occasion. I have heard of a number of examples in other areas of this discourteous way of behaving towards colleagues, which is not acceptable. I would rather we did not have to deal with such matters by points of order, so please try to give notice before visiting each other’s constituencies.
I also say to everybody that temperate and moderate language is what I want in this Chamber. Let us now move on to PMQs.

Prime Minister

The Prime Minister was asked—

Engagements

Gavin Newlands: If he will list his official engagements for Wednesday 29 November.

Rishi Sunak: This morning, I had meetings with ministerial colleagues and others. In addition to my duties in this House, I shall have other such meetings later today.

Gavin Newlands: Last year, Scotland exported 19 trillion Wh of electricity, worth £4 billion, to the UK grid, yet not only do Scottish generators pay the highest grid connection charges in Europe, but Scots pay among the highest standing charges while London’s are by far the lowest. Our heating and lighting is switched on a lot earlier and off a lot later than the south of England’s. Should Scottish households be forced to shiver in the dark this winter to subsidise the richest part of the UK?

Rishi Sunak: As the hon. Gentleman will know, standing charges are a matter for Ofgem, the independent regulator. Last week, it launched a consultation asking for views about standing charges. He will know that because of geographic factors, the UK Government already provide an annual cross-subsidy worth £60 to a typical household in Scotland, but on top of that we are providing considerable support to everyone across the UK with their energy bills this year.

Greg Smith: Abigail Mor Edan is four years old. Released from Hamas captivity last weekend, Abigail is an orphan, after her parents were brutally executed in front of her during Hamas’s rampage on 7 October. To secure the freedom of Abigail and some other hostages, Israel is taking a huge risk, releasing convicted terrorists, including would-be suicide bomber Israa Jaabis, imprisoned for detonating a gas cylinder in her car in 2015. Hamas also seem to have broken the ceasefire, by activating three explosive devices. What steps is my right hon. Friend the Prime Minister taking to continue his welcome, steadfast support for Israel in its fight against not only Hamas, but other Iran-backed terror groups?

Rishi Sunak: I thank my hon. Friend for raising such an important issue. My thoughts and the thoughts of the whole House will be with Abigail.
As I have said before, we support Israel’s right to defend itself, to go after Hamas and to free hostages, to deter further incursions and to strengthen its security for the long term. We welcome the extension to the agreement to pause fighting, increase humanitarian aid and release further hostages. Negotiations are ongoing and highly sensitive, but this has been a welcome first positive step. We will continue to hold Iran to account for any further escalation from these groups, as well as continuing to work with partners to disrupt and deter Iran’s destabilising activities in the middle east.

Lindsay Hoyle: I call the Leader of the Opposition.

Keir Starmer: In an effort to hide from his failures, the Prime Minister spent this week arguing about an ancient relic that only a tiny minority of the British public have any interest in—but that’s enough about the Tory party. In 2019, they all promised the country that they would control immigration, saying “numbers will come down” and
“the British people will be in control”.
How is it going?

Rishi Sunak: Let me be crystal clear. The levels of migration are far too high and I am determined to bring them back down to sustainable levels. That is why we have asked the Migration Advisory Committee to review certain elements of the system. We are reviewing those findings and will bring forward next steps. Earlier this year, we announced the toughest action ever taken to reduce legal migration. The effects of that action are yet to be felt, but will impact 150,000 student dependants. Forecasts show that migration is likely to drop as a result. Up until this moment, all we have heard from the right hon. and learned Gentleman on this topic is a secret backroom deal with the EU that would see an additional 100,000 migrants here every year.

Keir Starmer: Never mind the British Museum—it is the Prime Minister who has obviously lost his marbles. The Greek Prime Minister came to London to meet him: a fellow NATO member, an economic ally and one of our most important partners in tackling illegal immigration. Instead of using that meeting to discuss those serious issues, the Prime Minister tried to humiliate him and cancelled at the last minute. Why such small politics, Prime Minister?

Rishi Sunak: Of course we are always happy to discuss important topics of substance with our allies, like tackling illegal migration or strengthening our security, but when it was clear that the purpose of the meeting was not to discuss substantive issues for the future but to grandstand and relitigate issues of the past, it was not appropriate. Furthermore, specific commitments and assurances on that topic were made to this country and then broken. It may seem alien to the right hon. and learned Gentleman, but in my view, when people make commitments, they should keep them.

Keir Starmer: I discussed the economy, security and immigration with the Greek Prime Minister. I also told him we would not change the law regarding the marbles—it is not that difficult. The reality is simple: the Prime Minister has no plan on boat crossings and migration is at a record high. His policy is that companies can pay workers from abroad 20% less than British workers and that has contributed to those record high immigration levels, has it not?

Rishi Sunak: The right hon. and learned Gentleman talks about the boat crossings but has failed to notice that illegal boat crossings are down by a third this year, thanks to all the actions we have taken, which he opposed every single time they were raised. No one will be surprised that he is backing an EU country over Britain. Just last week, he was asked which song best sums up the Labour party. What did he come up with? He showed his true colours and chose “Ode to Joy”—literally the anthem of the European Union. He will back Brussels over Britain every single time.

Keir Starmer: Let me get this straight: the Prime Minister is now saying that meeting the Prime Minister of Greece is somehow supporting the EU, instead of discussing serious issues. He has just dug further into that hole that he has made for himself. Rather than dealing with the facts, he is prosecuting his one-man war on reality, and that reality is stuck. Under this Government, a bricklayer from overseas can be paid  £2,500 less than somebody who is already here, a plasterer £3,000 less, and an engineer £6,000 less. The list goes on. It is absurd. Labour would scrap his perverse wage-cutting policy. Why will he not do so?

Rishi Sunak: As I have said, we have taken significant measures and will bring forward more. Indeed, as the Office for National Statistics itself said, more recent estimates indicate a slowing of immigration as a result of the things that we are doing. But I am surprised to hear the right hon. and learned Gentleman now taking this new position. I have a quote here from a pushy young shadow Immigration Minister, who said to this House—I directly quote this person—that limits on skilled migrants are
“a form of economic vandalism”.—[Official Report, 7 March 2016; Vol. 607, c. 19WH.]
Who could possibly have taken such a bizarre position only to U-turn? It will come as no surprise to anybody that it was him.

Keir Starmer: There is only one party that has lost control of the borders, and its Members are sitting right there. This is a Government who are not just in turmoil, but in open revolt. The Immigration Minister thinks that the Prime Minister is failing because, apparently, nobody will listen to his secret plan. The former Home Secretary thinks that he is failing because of his “magical thinking”. The current Home Secretary thinks that he is failing. He even took time out of his busy schedule of insulting people in the north-east to admit that he agrees with Labour. The Prime Minister seems to be the only person on the Tory Benches without his own personal immigration plan. Clearly, his own side do not have any faith in him. Why should the public?

Rishi Sunak: It is really a bit rich to hear about this from someone who described all immigration law as “racist”, and who literally said that it was a mistake to control immigration. We have taken steps and we will take further steps, which is why recent estimates show that immigration is slowing. It is why, next year, the immigration health surcharge will increase by more than two thirds. It is why immigration fees are going up by up to 35%. One of his own Front-Bench team said that having a target is not sensible. It is no surprise to have people like that, because, while we are taking all these measures that he opposes, this is the person who stood on a platform and promised to defend free movement.

Keir Starmer: On this Government’s watch, migration has just trebled, and the Prime Minister is giving the House a lecture about targets. He is lost in la-la land. There can be few experiences more haunting for Conservative Members than hearing this Prime Minister claim that he is going to sort out a problem. First, he said that he would get NHS waiting lists down; they went up. Unabashed by that, he said that he would get control of immigration; it has gone up. Following that experience, he turned his hand to bringing taxes down. And, would you believe it, the tax burden is now going to be higher than ever. It is ironic that he has suddenly taken such a keen interest in Greek culture when he has clearly become the man with the reverse Midas touch: everything he touches turns to—perhaps the Home Secretary can help me out—rubbish. [Interruption.] We might have to check the tape again, Mr Speaker.
Will the Prime Minister do the country a favour and warn us what he is planning next, so that we can prepare ourselves for the disaster that will inevitably follow?

Hon. Members:: More!

Rishi Sunak: At the beginning of the year, we said—

Hon. Members:: More!

Lindsay Hoyle: Order.

Rishi Sunak: At the beginning of the year, we said that we would halve inflation and this Government have delivered, easing the burden of the cost of living for families everywhere. We know about the right hon. and learned Gentleman’s plans—all the way through that, what did he do? He backed inflationary pay rises and talked about welfare—no controls for welfare—and about borrowing £28 billion a year that would just make the situation worse. He mentioned tax: just this past week, we have delivered the biggest tax cuts since the 1980s for millions of people and businesses, and increased pensions and benefits. And this week, we secured £30 billion of new investment for this country. So he can keep trying to talk—

Lindsay Hoyle: Order. Can I just say to the shadow Foreign Secretary—[Interruption.] Order. Just a little bit quieter, please. I want to hear.

Rehman Chishti: The Government have rightly responded to the shocking and unacceptable rise in antisemitism, and we saw extra funding in the autumn statement. I note that 44% of religiously aggravated offences last year were against the Muslim community, yet in the autumn statement there was no funding to deal with Islamophobia. The Government’s independent adviser on Islamophobia role has been left vacant for over one year. As the Prime Minister knows, we discussed these matters over a year ago, yet no action has taken place. Prime Minister, enough is enough with regards to tackling anti-Muslim hatred. Will the Government now finally take action?

Rishi Sunak: We will not tolerate anti-Muslim hatred in any form, and expect it to be dealt with wherever it occurs. I actually recently met Tell MAMA, a service that provides support to victims of anti-Muslim hatred, which we have in fact supported with over £6 million of funding since its inception. We are in regular dialogue with it. We have also doubled the funding for protective security measures through the protective security for mosques scheme, and we will continue to do everything we can to keep our Muslim community safe.

Lindsay Hoyle: I call the SNP leader.

Stephen Flynn: In good news for kids in Aberdeen this morning, it was snowing; when they looked out of the kitchen window, they would have been filled with delight. But many of their parents who looked out of the kitchen window this morning would have been filled with dread—dread from knowing that they simply cannot afford to pay their energy bills. In that context, does the Prime Minister regret offering no financial mechanism whatever for families this winter?

Rishi Sunak: It is simply not right to say that there is not support for families this winter—there has been considerable support this year for energy bills. This winter, pensioner households, for example, will receive up to £300 alongside their winter fuel payment. They are some of the most vulnerable households, and it is right that they get that support at a difficult time.

Stephen Flynn: I appreciate that it is difficult for the Prime Minister to empathise when he quite clearly cannot understand, but to be clear to him and, indeed, the whole House: this is not a matter of energy production. Scotland produces six times more gas than we consume and around two thirds of our electricity already comes from renewable resources. This is a consequence of decades of failed energy policy here in Westminster. Those of us on the Scottish National party Benches believe that Scotland’s energy wealth and energy resource should benefit the people of Scotland. Why doesn’t he?

Rishi Sunak: The entire energy grid infrastructure in this country is integrated, which brings benefits to people in every part of our United Kingdom. When it comes to supporting people with energy bills, earlier this year we increased benefits to the highest rate on record. It is why we provided cost of living payments worth £900 on top of regular support. It was right not to wait until the last moment to give people that support; we gave it to them earlier this year so that they would have the security they need going into winter—as I said, on top of the money for pensioners. When there are cold snaps, we have cold weather payments that kick in and the warm home discount, which provides an extra £150 to the most vulnerable households. All that is the most considerable action taken by any Government to help people with their energy bills.

Philip Hollobone: The £400 million redevelopment of Kettering General Hospital is the No.1 investment priority for local residents. The first part is a £50 million new energy plant to power the expanded and improved hospital. Will my right hon. Friend the Prime Minister please do all he can to ensure that the Department of Health gets spades in the ground on time next spring, so that we can get the construction of our redeveloped, much loved local hospital fully under way?

Rishi Sunak: I thank my hon. Friend for continuing to champion the new hospital in Kettering. We are absolutely committed to delivering the scheme for Kettering General Hospital. As my hon. Friend will be aware, the new energy centre is vital to the delivery of the new hospital, and we expect that work to begin in the first quarter of next year. The new hospital programme is working closely with the trust to ensure that the plans are deliverable.

Edward Davey: Three years ago, the Government made a commitment to 40 new hospitals and significant upgrades to hospitals in most need, but today many schemes are badly delayed. The Royal Berkshire—stuck at the development stage, with not a single pound transferred for construction. Harrogate District Hospital—still waiting on £20 million for urgent upgrades after reinforced autoclaved aerated concrete was discovered. There are 25 more such schemes. Will  the Prime Minister explain why his Government are happy to let patients, doctors and nurses suffer for years in such unfit and unsafe conditions?

Rishi Sunak: We are delivering 40 hospitals by 2030. Good progress is already being made, and that programme is being backed by over £20 billion of investment. Three schemes are already open, two are opening this year, and 16 are in construction, or work has begun to prepare the site. It is absolutely right, though, that within that we prioritise RAAC hospitals. That required a reprioritisation, but that was the appropriate thing to do to ensure safety. Patients and staff are already benefiting from some of the improvements that we have made, which come on top of the largest capital programme for the NHS in its history, rolling out community diagnostic centres, urgent treatment centres and surgical hubs right across the country.

Sarah Dines: As disturbed as I was to learn that British politicians are being debanked by the National Westminster Bank, the Prime Minister can imagine my horror to find that an entire town—Bakewell in the Derbyshire dales—is being debanked by the National Westminster Bank. In the whole of the Derbyshire dales and the Peak district, there is not a bank left. Does my right hon. Friend share my concern, as we are the major shareholder, that the National Westminster Bank is ignoring my vulnerable elderly constituents, and my businessmen? Bakewell is a big, thriving market town.

Rishi Sunak: My hon. Friend is right that all customers, wherever they live, should have appropriate access to banking and cash services. That is why we have legislated to protect access to cash, and the Financial Conduct Authority has issued guidance that seeks to ensure that branch closure decisions treat customers fairly. I know that there has been an assessment of access to cash in her area, and the financial services sector will provide a new cash deposit service for her community. Also, everyone can access the post office for regular banking services.

Derek Twigg: Yesterday, Cancer Research UK’s manifesto “Longer, better lives” set out a road map to save 20,000 lives a year by 2040. Research is key to that, and it has identified a funding gap of over £1 billion. Cancer Research UK has told me that, excluding research funded by industry, charities fund 62% of cancer research compared with the Government’s 38%. Is the Prime Minister ashamed of that, and what will he do to address the gap?

Rishi Sunak: Of course the Government must do more to continue preventing cancer deaths in our country. That is why we are focused on fighting cancer on all fronts—prevention, diagnosis, treatment, research and funding. Crucially, cancer is now being diagnosed at an earlier stage more often, with survival rates improving across all types of cancer, including the most common cancers, and through our treatment record we are rolling out community diagnostic centres everywhere to ensure that we can reach those people as quickly as possible.

David Mundell: Can I thank you, Mr Speaker, on behalf of the all-party parliamentary group on HIV  and AIDS, for hosting today’s reception to honour the incredible contribution that Sir Elton John has made to the fight against AIDS? I very much welcome today’s announcement of further funding for HIV and hepatitis B and C opt-out testing in hospital emergency departments as a critical step in fighting those diseases. I ask the Prime Minister to join me, and I am sure the whole House, in praising Sir Elton and his AIDS foundation for pioneering this work.

Rishi Sunak: Sir Elton John has been a powerful voice for change in the UK and the world. Through the brilliant work of his foundation he has raised awareness of HIV, reduced stigma and saved lives. I am very pleased that that will be celebrated tonight at the HIV and AIDS all-party parliamentary group event. Ahead of World AIDS Day on Friday, I would also like to reaffirm this Government’s commitment to ending new transmissions within England by 2030. I know my right hon. Friend the Secretary of State for Health and Social Care will have more to say at tonight’s event about the expansion of our recent pilot initiative on screening.

Gerald Jones: Pearl Melody Black was 22 months old when a car rolled off a private drive on to a highway and hit a wall, which fell and killed her while she was holding her daddy’s hand. Her parents, my constituents Gemma and Paul, South Wales Police and the Crown Prosecution Service were all frustrated that no charges could be brought in the case due to a loophole in the law. My ten-minute rule Bill, the Driving Offences (Amendment) Bill, sought to amend the Road Traffic Act 1988, but it fell as it did not get parliamentary time. I know that colleagues across the House have had similar issues, so I ask the Prime Minister to meet me and meet my constituents to assist in finding a way forward.

Rishi Sunak: I am incredibly sorry to hear about Pearl. My thoughts and, I know, those of the whole House will be with Gemma and Paul. I will make sure that the hon. Gentleman gets a meeting with the relevant Minister on the legislation as quickly as possible.

Nickie Aiken: We know the Labour party has an aversion to white van man, but does the Prime Minister share my concerns that, according to a report in The Daily Telegraph today, Labour-run Westminster Council is increasing parking charges for small electric vehicles by up to 1,800%, demonstrating that it does not support small businesses or tackling climate change?

Rishi Sunak: My hon. Friend is right to raise those concerns. It seems that Labour in London is yet again penalising hard-working people. First we had the ultra low emission zone, and now it seems Labour is hiking parking charges on white van drivers and small businesses. I join her in urging the Labour-run Westminster Council to rethink those damaging proposals.

Tulip Siddiq: I quote:
“Rishi thinks just let people die and that’s okay”.
That was reportedly the Prime Minister’s view of covid during late 2020, as recorded by the then chief scientific adviser in his diary. It came to light last week in the   covid inquiry and I was shocked that Downing Street did not categorically deny it. I ask the Prime Minister today how it is that people who were closest to this issue, whom he worked with day in, day out at the top of Government, got the impression that the Prime Minister was okay with people in our country dying—

Lindsay Hoyle: Order. I think he has got the question.

Rishi Sunak: As the hon. Lady knows, there is an ongoing inquiry into covid. It is right that that is followed and I look forward to providing my own evidence. If she had taken the time to read the evidence submitted to the inquiry, she would have seen that the person she mentioned, the chief scientific adviser, confirmed that he did not hear me say that—and that is because I did not.

John Hayes: That 1.3 million migrants over a period of two years is a catastrophe for Britain is obvious to everyone apart from guilt-ridden bourgeois liberals and greed-driven globalists. Given that the same kind of people are stymieing the Prime Minister’s “stop the boats” campaign, will he bring urgent measures forward to deal with legal migration, and will he ensure that the Bill he has promised is in exactly the form recommended by his own Immigration Minister?

Rishi Sunak: I am pleased to have my right hon. Friend’s advice and support on all on our measures to tackle legal and illegal migration. As I said, we are reviewing the recommendations of the Migration Advisory Committee and we will be bringing forward measures on top of the very significant restrictions that we have already announced on student dependants. When it comes to stopping illegal migration, I have been crystal clear that we will bring forward legislation that makes it unequivocally the case that Rwanda is safe and there will be no more ability of our domestic courts to block flights to Rwanda. That is what our legislation will ensure.

Alison McGovern: Last week, in response to my hon. Friend the Member for Stockton North (Alex Cunningham), the Prime Minister claimed that the “best way” to stop children living in poverty is for them to have parents who work, but over 70% of poor children already live in a home where someone goes out to work. So I will give him another chance: can he explain why reports say that, in 2022, 1 million of our children experienced not just poverty but destitution?

Rishi Sunak: No child should grow up in poverty. That is why I am pleased that, because of the measures we have taken, 1.7 million fewer people are living in poverty today than in 2010. I would also say to the hon. Lady that it is crystal clear that children growing up in workless households are four or five times more likely to be in poverty. That is what the facts say; that is why our efforts are on getting people into work and ensuring that work pays. The actions in the autumn statement to raise the national living wage to record levels and provide a significant tax cut will do an extraordinary amount to continue lifting children out of poverty.

Lindsay Hoyle: I call Jeremy Wright.

Jeremy Wright: Thank you, Mr Speaker, for welcoming my constituent John Farringdon to Parliament this morning. At 110 years of age, John is among my more experienced constituents, and I know that he would want me to ask the Prime Minister to join us in thanking the staff of Cubbington Mill care home for looking after him so well. May I also ask my right hon. Friend to try to find a moment or two to speak to John when he comes to Downing Street this afternoon? It may be a useful conversation for those who are obsessed with the opinion polls, as John, I think it is fair to say, has some experience in surviving against the odds.

Rishi Sunak: I very much hope that I have a chance to meet John later on. I join my right hon. and learned Friend in paying tribute to John’s care home for the incredible care that it provides. It is great that John is here and I am sure that everyone will enjoy meeting him later today.

Peter Grant: The Prime Minister may already be aware from his colleagues of the exceptional contribution that my constituent Dr Hadoura has made during a 30-year career in our health service. He may also be aware that, for the past six to eight weeks, she has been frantic with worry about her 83-year-old mum, who is trapped in Palestine with a number of family members and no way out. Will he agree to work with the Foreign Office and the Home Office, during this time of some hope in the middle east, to find an urgent way to get vulnerable people, such as Dr Hadoura’s mum, out of danger and into a safe place of refuge while we can? Tragically, once the ceasefire ends, so too will the chance of survival for too many people in Palestine.

Rishi Sunak: I pay tribute to the hon. Gentleman’s constituent for her long service in the health service. I assure him that we are doing everything we can to ensure the safe passage of British nationals out of Gaza. I will ensure that the Foreign Office gets in touch with him. All British nationals who have been registered with the Foreign Office have had significant interaction, and we have successfully ensured the safe passage of well over 200 people already. We will continue to do everything we can for those who remain, and I will ensure that we are in touch with the hon. Gentleman and his constituent.

Rachel Maclean: Thanks to this Conservative Government, the Alexandra Hospital in Redditch has received nearly £19 million of investment, and we are boosting training places at the Three Counties Medical School. Does the Prime Minister agree that this is the perfect time to back my campaign to bring back services, so that local mums can once again give birth in their home town and all children can be seen at the hospital, no matter the illness they are experiencing?

Rishi Sunak: I know that my hon. Friend campaigns passionately for the delivery of first-class healthcare for her constituents. Like her, I welcome the investment that the Alexandra Hospital has had in recent years in a range of different services. She will know that reconfigurations of services are, of course, clinically led local decisions following the appropriate  engagement with patients and stakeholders, but I know that she will continue to make her case on behalf of her community.

Mohammad Yasin: In June, the Canadian Prime Minister claimed that the Indian Government may be linked to the killing of Canadian Sikh activist Hardeep Singh Nijjar in Canada. Now, it is reported that the US Government thwarted a second assassination attempt on a Canadian-American citizen on US soil, so will the Prime Minister reassure my Sikh constituents—who have raised their safety concerns with me—that this Government are taking the matter very seriously, and will he raise my constituents’ concerns with his counterpart in India?

Rishi Sunak: I have already made statements on this matter, but crucially, of course, we ensure the safety of all communities in our country. That is the first duty of government, and we will continue to do that, not just for the Sikh community but for every community here in the UK.

John Baron: With both the Office for Budget Responsibility and the ONS confirming that the British economy is now substantially larger than they estimated even a few months ago, does my right hon. Friend agree that the economy has once again proven the detractors wrong and, because unemployment is a corrosive social evil, will he do all he can to ensure that we retain record employment?

Rishi Sunak: My hon. Friend makes an excellent point. A year ago, not just the OBR but the Bank of England, the International Monetary Fund and the OECD were all predicting that we would fall into a recession this year, but thanks to the actions of this Government and this Chancellor, we have grown the economy. We saw that momentum carry on just in the past week with Nissan’s announcement of record investment in its new plant in Sunderland, safeguarding the future of thousands of jobs in the north-east and ensuring the transition to electric vehicles. We also saw it in the summit we hosted, which attracted £30 billion of new investment into the UK. As my hon. Friend said, crucially, that investment will support thousands and thousands of jobs in our country.

Beth Winter: There are 2,500 disused coal tips in Wales. The Welsh Government previously asked the Treasury for £600 million to make them safe, and ahead of the autumn statement sought an initial £20 million, but this Tory Government provided nothing. Rhondda Cynon Taf has the most high-risk coal tips of any local authority, and the spectre of Aberfan looms large over our communities. Does the Prime Minister think it is right that the UK took the economic benefit from Welsh coal, but will not fund the safety of its legacy?

Rishi Sunak: The UK Government are investing in Wales, with record investment in electrification of the north Wales line and record investment in communities up and down the country. It is important to recognise that just recently, the UK Government invested hundreds of millions of pounds to safeguard thousands of jobs at Tata Steel. The Welsh Government have had access to  the largest set of Barnett consequentials on record over the past couple of years, and have the resources they need.

Jonathan Gullis: Thanks to this Conservative Government, the people of Stoke-on-Trent North, Kidsgrove and Talke will see over £200 million to fix our broken roads, the reopening of the Stoke to Leek line, and over £30 million to bus back better by introducing fairer fares and smarter routes to better connect our communities. However, residents who have a free bus pass are being denied the use of it before 9.30 am by Labour-run Stoke-on-Trent City Council, meaning that people cannot get to their GP appointments or to work. Will the Prime Minister back my campaign to end that unfair policy, which is being imposed on my residents?

Rishi Sunak: My hon. Friend is absolutely right about the importance of high-quality bus services. That is why we have capped the cost of travelling on buses at £2 until the end of 2024 as a result of our decision on HS2, and why we have supported councils with £1 billion of funding. I urge all councils to ensure that people see the benefit of that investment, and I wholeheartedly back my hon. Friend’s campaign.

Deidre Brock: NHS England has awarded £330 million to Palantir, a controversial technology firm, to help it recover from its pandemic backlog despite deep concerns among many healthcare professionals about privacy, ethics and the safety of patient data. In light of the Government’s recently commissioned report on unifying health data in the UK, can the Prime Minister confirm   that no attempts will be made to force the Scottish Government to release the personal data of Scottish residents to any centralised system?

Rishi Sunak: As the hon. Lady knows, healthcare is devolved, but we will look for every opportunity to improve patient care and reduce waiting lists in England. That is what we are doing in developing new technology that has a proven track record of bringing down waiting lists and improving the optimisation and efficiency of how theatres are scheduled. That is the type of thing we need to do to ensure that patients get the care they need, and that we can get efficiency in the NHS.

Robert Buckland: The increasing proliferation of AI-generated disinformation and deepfakes poses a clear and present danger not only to our democratic process, but to the administration of justice itself. What further steps will my right hon. Friend take, following the Bletchley summit, to strengthen our domestic law when it comes to this threat to democracy, and to take international action to provide the guardrails that I believe are essential if we are to maintain integrity in the administration of justice?

Rishi Sunak: I thank my right hon. and learned Friend for all the work he has done in this incredibly important area. He is right that we need to have guardrails around the successful exploitation of this technology, which is why the Online Safety Act 2023 gives the regulator significant new powers to regulate the content on social media companies, including some of the ones that he mentioned. We are also working internationally, following on from the summit, to ensure that we can all get the benefits of this technology, but in the process safeguard our democracy, which is so crucial to the functioning of our country.

COP28

Caroline Lucas: (Urgent Question): To ask the Secretary of State for Energy Security and Net Zero if she will provide an update on the UK Government’s commitments in relation to COP28.

Amanda Solloway: I am glad to come to the House to discuss this important subject today. The upcoming COP hosted by the United Arab Emirates is an important moment in the climate crisis. Amid record temperatures and emissions, the first comprehensive stocktake of progress against the Paris agreement at COP28 will show that the world is badly off-track. We have made significant progress through the Paris agreement, with temperature projections shifting from 4°C before Paris to between 2.4°C and 2.7°C after Glasgow through nationally determined contribution commitments, but we know that that is not enough.
In Glasgow, we cemented the goal of limiting global temperature increases to 1.5°C as our north star. That has been carried forward by the UAE presidency. The latest science and the impacts we are seeing, even at 1.1°C, show us why. A top priority for the United Kingdom is to leave COP28 with a clear road map towards keeping 1.5°C in reach from the global stocktake. The UK heads to COP28 with a record at home and internationally that we can be proud of. The Prime Minister recently affirmed our commitment to net zero and set out our new approach to get there. At home, we have decarbonised faster than any other major economy—by 48% since 1990. Looking forward, our 2030 target requires the largest reduction in emissions of any major economy.
Two years on from Glasgow, the need to accelerate action is more urgent than ever. The world needs to decarbonise more than five times faster than we have done in the last two decades. At COP28, we want to see progress against five areas: ambitious new commitments and action, including a pathway to keep 1.5°C within reach from the global stocktake; scaling up clean energy through commitments to triple renewables, double energy efficiency and move beyond fossil fuels; progress on finance reform, delivering $100 billion for developing economies; building resilience to climate impacts, including by doubling adaptation finance and establishing a loss and damage fund; and, finally, progress on restoring nature. Action to deliver net zero is not just a matter of doing the right thing by avoiding harm; it is crucial to our security and prosperity here in the UK now and in the future.
The global net zero transition could be worth £1 trillion to UK businesses between 2021 and 2030. UK businesses are in the vanguard in recognising the opportunity. More than two thirds of FTSE 100 companies, and thousands of small businesses, have pledged to reduce their emissions in line with the 1.5°C goal under the Race to Zero campaign. More than half the signatories to that campaign are from the United Kingdom. Net zero is already an engine for growth and revitalisation of formerly deindustrialised areas in the United Kingdom. At COP28 we need to show progress in delivering the historic agreement that we landed in Glasgow, and we must use our UK expertise to scale green finance.

Caroline Lucas: I thank the Minister for her response. COP28 will be the most consequential climate summit since COP21 in Paris, yet we are way off track. The UN’s recent emissions gap report warns that current pledges under the Paris agreement would see temperature rises of between 2.5°C and 2.9°C this century. Ministers are fond of saying that the UK has the most ambitious nationally determined contribution for 2030 of any major economy, yet the Minister will also be aware of the Climate Change Committee’s recent assessment that
“the UK is unlikely to meet its NDC”.
That is not least because the committee calculates that just 28% of the required emission reductions for 2030 are covered by credible Government plans. She will know that targets without plans are cheap. What concrete plans do the Government have to urgently close that gap? Does she agree that we must see an ambitious outcome from the global stocktake, with significantly strengthened 2030 NDCs and new economy-wide targets by 2025 that see the richest countries going further and faster?
Does the Minister share my outrage over reports that the UAE plans to use its role as COP28 president to secure oil and gas deals? What assessment has she made of the impact of that on trust in the negotiations? Will she explain why the UK is pushing for the phase-out of unabated fossil fuels, rather than of fossil fuels in their entirety? Does she recognise the view of the High Ambition Coalition, which says that we cannot use abatement technologies to “green-light” fossil fuel expansion? How will she ensure that any agreement that includes language on abatement has real teeth, delivers real cuts in fossil fuel production, and does not simply allow for the continuation of business as usual?
The Minister will know that a properly resourced and operational loss and damage finance fund must be a litmus test for success at COP28, but there are reports that the Government will be contributing to that fund from their existing climate finance pot. Does she agree that we cannot tackle ever-increasing challenges from an ever-depleting pot of money? What plans do the Government have for new and additional finance? What innovative sources of finance are they looking at? What assessment have they made of the impact of the UK’s reclassification of climate finance on climate vulnerable countries? If the Government are serious about leading by example, will they finally reverse the greenlighting of the obscene Rosebank oilfield?

Amanda Solloway: I reiterate that the Government take this issue incredibly seriously, and there are two ways of demonstrating that: the Minister for Energy Security and Net Zero, my right hon. Friend the Member for Beverley and Holderness (Graham Stuart), who usually deals with such issues, is at COP28 and ready for the conference; and we now have a distinct Department for this issue, the Department for Energy Security and Net Zero. We know that we are leaders in the field. I take this issue seriously, not just for the people of the United Kingdom, but for the planet as a whole. Thinking about my granddaughter, we really do have a commitment to ensuring that we are doing everything that we can.

Lindsay Hoyle: I call Dr Thérèse Coffey. [Interruption.] Order. Ms Lucas, I have given you an urgent question. If you have a problem—

Caroline Lucas: There were no answers!

Lindsay Hoyle: Please. The Minister will answer as she sees fit. I am sure that at the end you will want to raise a point of order. That is the time—you cannot have a second bite of the cherry. I went out of my way to ensure that this issue was covered, so please—I am sure other Members will ask questions, and it is up to the Minister how she answers them. I am not responsible for that.

Therese Coffey: Thank you, Mr Speaker, for granting this second opportunity for the House to discuss COP28. At the debate on 16 November, when the Government granted a full day’s debate, only three Back Benchers spoke—me, and the hon. Members for Putney (Fleur Anderson) and for Strangford (Jim Shannon). There was not a sign of the hon. Member for Brighton, Pavilion (Caroline Lucas), who is now complaining about the responses to her questions. By the way, the debate on 16 November finished early because of how few people spoke.
Does my hon. Friend agree that “vote blue, go green” is the best way to deliver net zero? Does she recognise that nature-based solutions are vital to achieve net zero? Does this not just show again that the Green party is all talk and absolutely no action?

Amanda Solloway: As I have said, it is incredibly important that we head towards our commitments. Between 1990 and 2021, we cut UK emissions by 48% while growing the economy. I agree with my right hon. Friend that if we trust this Government to deliver, we will ensure we are heading on the right path. The other thing to mention is that net zero is an engine for growth and the revitalisation of formerly industrialised areas of the UK. Cutting emissions is important not just for the climate, but for our economy.

Lindsay Hoyle: I call the shadow Minister.

Kerry McCarthy: The UN has warned that the world is on course for a catastrophic 2.8°C of warming, in part because promises made at COP26 and COP27 have not been fulfilled. We are running out of last chances. We know what we need to do and we know how to do it, but where is the sense of urgency? The Prime Minister was shamed into attending COP last year. I would have thought he would be ashamed to be there this year, after his climate climbdown last month derailed momentum at exactly the wrong time. The world needs climate leadership.
Does the Minister think it is acceptable for the Prime Minister to sabotage the UK’s history of climate leadership with his cynical backtracking on net zero? Labour will be going to COP with a message that the UK can be a climate leader again and that, in doing so, we will cut energy bills and boost energy independence at home, which this Government have conspicuously failed to do. Labour will put the UK back in a position of leadership and establish a clean power alliance. We will pledge to issue no new oil, gas or coal licences and set an example with our mission for clean power by 2030. What example does it set if the current UK Government ignore the science and global consensus on fossil fuels, especially when the Energy Secretary admits that her policy will not even cut bills?
Labour will also be working for multilateral development bank reform to help developing countries access capital, as well as championing the UK as the future green finance capital of the world, with mandatory 1.5°C-aligned transition plans for FTSE 100 companies and financial institutions. Can the Minister tell me what the Government will be doing to advance that agenda?
There is so much more that the UK can and must do to reduce emissions and deliver energy security, to cut energy bills and to back British industry. With Labour, Britain would lead the world at COP. Labour is ready to lead; is the Minister?

Amanda Solloway: As I have mentioned, we do take this issue incredibly seriously. If I think about some of the facts, as the hon. Member rightly mentioned, at the G20 the Prime Minister announced $2 billion to the green climate fund. That is the biggest single funding commitment that the UK has made to help the world tackle climate change. Half of that contribution will go to adaptation. We are committed, and that is why we have a presence at COP28. The House will see that senior members of the UK Government are there, as well as King Charles.

Theresa Villiers: This country has one of the strongest records in the world on reducing emissions, not least given our very successful COP26 summit in Glasgow. What progress is being made on delivering the historic commitment to tackling deforestation made by the leaders at that summit?

Amanda Solloway: I pay tribute to the work that my right hon. Friend has done on this subject. I will need to get back to her with the exact figures on deforestation, if I may. One of the things that the UK Government are doing at COP28 is making sure that we hit the five key areas of progress: finance, global stocktake, mitigation, adaptation, and loss and damage—and, within that, nature.

Lindsay Hoyle: I call the SNP spokesperson.

Steven Bonnar: The UK Government’s series of U-turns on net zero targets has put our ability to meet them at risk. The Scottish Government are committed to meeting our more ambitious targets, but Europe and the United States are leading the way as this place lags behind, in turn holding Scotland back. Can the Minister confirm whether the new Foreign Secretary, who famously decided to “cut the green crap”, will be attending COP26? That move cost UK households £2.5 billion in extra energy costs.

Amanda Solloway: I reassure the hon. Gentleman that we are committed to ensuring we hit all those targets. As of September 2022, more than 130 countries, accounting for around 85% of global emissions and more than 90% of global GDP, were covered by net zero commitments. We are committed to making sure that we hit those targets, and that is demonstrated by our attendance at COP28 and the measures we are taking to ensure we meet the climate challenges.

Nigel Mills: The Government’s “Mobilising green investment” strategy, published in March, set out that we need $1 trillion a year in green  finance by 2030. What are the Government’s ambitions at COP28 to agree funding anywhere close to that level? What more can we do to get our private sector and pension schemes to contribute to that?

Amanda Solloway: My hon. Friend makes an important point. We will have those discussions over the two weeks of COP28. We are trying to ensure that we hit all the global targets, too. I am sure that those conversations will come up, and we can have a discussion on them later.

Anna McMorrin: The Minister can talk the talk, but it is action that counts. Businesses across every sector, as well as experts in the field, have reacted with horror to this Government’s backsliding and roll-backs on climate action and net zero. In fact, Aviva’s chief executive, Amanda Blanc, said that the Government were putting our climate goals as a country “under threat” and therefore jobs, growth and investment at risk. Does the Minister recognise the damage that is doing both at home and to our global standing?

Amanda Solloway: One of the things that this Government are committed to is ensuring that we have skills in place and that the economy is going in the right direction. We are proud of our record, and our commitment to making sure we get to net zero is demonstrated in all the things we have been doing. We are international leaders—world leaders—in our commitment to ensuring that we hit those targets.

Derek Thomas: I welcome that two of the 34 new landscape recovery schemes are in west Cornwall and on Scilly, and I credit the Cornwall Wildlife Trust, Farm Cornwall, the Duchy, other organisations and in particular the landowners for their incredible work to achieve that. At previous climate change conferences, specifically the Paris summit, we agreed to fix our leaky homes. Will the Minister meet me to discuss how we can accelerate that effort, especially for low-income families?

Amanda Solloway: I know what a champion my hon. Friend is for his constituents. I will of course meet him, although perhaps a meeting with the relevant Minister would be more appropriate. We are committed to making sure that we have that extra security. That is why we are making such an investment in working towards energy security, while at the same time working towards net zero.

Wera Hobhouse: The UK was a leader in offshore wind development but is now falling seriously behind. Costs to offshore wind developers have increased by as much as 40%. The recent offshore wind auction failure will have cost the UK 5 GW of new renewable energy, and that was entirely predictable. How will the Prime Minister be able to look in the eye the leaders of countries that are suffering most from the impact of climate change and say, “The UK does everything it can”?

Amanda Solloway: First, we are world leaders on offshore energy. That is one of our commitments, but we do not just rest on our laurels and think about offshore wind; we are also looking at other ways to  generate electricity, which is much needed, including fusion and small modular reactors. The hon. Lady suggests we are not taking into account where we should be going on energy, but we are world leaders and we are ensuring that we have an impact on our futures.

Vicky Ford: I am looking forward to going to COP as one of the members of the Energy Security and Net Zero Committee. Last week the Committee went to see the world’s first green hydrogen neighbourhood project in Fife in Scotland. Local people were given the choice to switch to innovative clean green hydrogen heating and nearly half of them have taken that choice. Does the Minister agree that one of the biggest challenges to achieving next zero is achieving that consumer change, and that this is why it is so important that we offer consumers innovation and choice rather than the top-down “tax and ban” approach that the Opposition so often promote?

Amanda Solloway: My hon. Friend makes an important point. It is about education; ensuring that people are educated and thinking about how we use our future energy. However, it is also incumbent on us to ensure that we offer choices, which is why we are committed to offshore and to making sure that we are investing in science and technology and getting all of that technology available, thus making energy available in lots of different forms.

Jeremy Corbyn: After the last COP, the Prime Minister at the time, Boris Johnson, assured the House that there would be no funding whatsoever from British sources for fossil fuel developments anywhere in the world. Since then, the UK Government have announced their own fossil fuel developments with oil and gas extraction, so how on earth does the Minister expect to be taken seriously at COP when Britain itself is investing more in fossil fuels and then lecturing the rest of the world that they should not do so? Can she assure us that this COP is not just going to be an exercise in greenwash with a sideshow of oil dealing, and that it is going to be a serious attempt to deal with the serious, fundamental issues that this planet faces?

Amanda Solloway: Yes, UK production is declining. When we think about oil and gas, it is important that we think about having a balanced approach and making sure that we keep our supply going as it should. One of the things we are committed to is making sure that, on balance, we also have other options available. It is important to remember that, from an economic point of view, the jobs that are created are really important, from an oil and gas point of view, and of course that will be invested in green energy as well, so it is a cyclical thing to make sure that we are investing in our future.

Luke Evans: Having spent a year in the Energy Department, it has been an absolute pleasure to see how civil servants, businesses, the public and, indeed, Ministers are at the forefront of ensuring that the UK is the major economy that has decarbonised furthest and fastest in the world. We account for only 1% of emissions. We have the biggest offshore wind farm in the world, as well as the second biggest and the third biggest. We have more solar panels than France. We really are leading the way. So when we go to COP,  we need to make sure that others see that there is an advantage in doing this and join us on that journey. What will the Minister’s message be at COP to make sure that the world joins us on this journey?

Amanda Solloway: I thank my hon. Friend for making those points. He has worked closely with the Department and seen at first hand the work that we have been doing, and it is good to hear that reiterated in the House. One of the things that we are looking for is success at COP28, and success would be making sure that we are supporting those five measures but also progressing and making sure that we have a commitment to the world’s future and making a greener climate.

Richard Burgon: The Government are going into these global climate talks having announced new North sea oil and gas fields. If every country copied this Government’s approach of squeezing out every last drop of oil and gas, we would risk extreme global temperature rises of 3°C. Every respected climate body has warned of the dangers of this approach, so at the climate talks why should any other country listen to this Government when their policies are not compatible with the UK’s own climate commitments?

Amanda Solloway: Of course we are committed to doing other things as well, which is what I am reiterating. We have a commitment to making sure that we learn from research and development, and that we are looking at offshore wind, but we also need to be realistic, which is why we are looking at oil and gas. It will have an impact on the economy and it will help towards a greener economy because of the investment that will be made through the oil and gas finance.

Tobias Ellwood: Climate change is the single biggest threat to humanity, and I will be looking forward to attending COP28 myself. I am pleased that it is taking place in the middle east, given the need to transition away from fossil fuels. We seem to forget our own history, because it was us—in Persia, in Mesopotamia and on the Arab peninsula—that got the middle east on to the road of oil and gas exploration. Does my hon. Friend agree that we are able to get our CO2 emissions down today because of the offshore wind farms in the English channel, and that those are the result of a lot of investment from the United Arab Emirates?

Amanda Solloway: It is always a great pleasure to listen to my right hon. Friend, who reminds us of the history and of how we got to this point. However, we need to acknowledge all the good things that we are doing, and I reiterate that we are looking at ensuring sure that we have a secure energy future.

Alistair Carmichael: Is it not just a little bit embarrassing that as Ministers head to the Gulf for COP, the European Marine Energy Centre in my constituency is having to consult on downsizing and restructuring because the Minister’s colleagues in the Department of Levelling Up, Housing and Communities have been unable to provide the three-year funding stream that they had previously undertaken to provide? Will she speak to her colleagues in DLUHC to ensure that some certainty on that money  can be given, and that the centre can continue its genuinely world-leading work on the development of marine renewable energy?

Amanda Solloway: That is obviously not my Department, but I would be happy to take that away and facilitate a meeting, or indeed have a meeting myself.

Claire Hanna: New research by Ulster University finds that over 60% of homes in Northern Ireland will need to be retrofitted if we are to have a chance of meeting our net zero targets, and that at the current rate of retrofitting we have no chance of meeting our 2030 goals. Does the Minister believe that the support available to providers, such as the Northern Ireland Housing Executive and housing associations across the region, is adequate to allow them to tackle the climate breakdown and fuel poverty? Further, knowing the impact of climate change on the poorest countries in the world, will the Government finally make real the loss and damage fund to help those most affected to adapt and mitigate, and will she ensure that that fund is new money and not just a raid on existing pressed aid budgets?

Amanda Solloway: With the hon. Lady’s permission, I would prefer to write to her, because parts of those questions are slightly outside my remit. However, I reiterate that one of the things we are determined to do is tackle fuel poverty. That is one of the reasons why we have a commitment to do this. Also, there is a lot of support that people can get, and I would encourage everybody to get what they are entitled to.

Alistair Strathern: I have some great green innovators in my constituency, but it has been heartbreaking speaking to them over the last few months about the impact that the Government’s supposed reset on net zero is having on their businesses. They include new fuel cell producers, green aviation leaders, companies providing key supply chain parts to the car industry and renewable energy companies. Their businesses may be different, but the story is the same. The lack of action from the Government is making it harder for them to get investment, harder for them to create jobs and harder for them to bring growth to Mid Bedfordshire. My constituents ultimately saw through the Government’s shallow positioning on this issue, hearteningly for me, but it is unfortunate that this issue continues to hang over their prospects. How can we show leadership on this issue at COP28 at a time when the Government cannot even get out of the way of people looking to bring growth to my constituents?

Amanda Solloway: This Government have demonstrated a commitment to investment in all these areas. Particularly from a science and technology point of view, I know that UK Trade and Investment has immense commitment and gives out support for this. But there are many things that we have been doing. We have not just been investing in R&D from a science point of view. What we are doing is investing in offshore wind, in alternative fuel and in all those things that will enable us to get to where we need to be.

Richard Foord: In the UK, heating homes accounts for 14% of carbon emissions, and in England our homes produce more emissions  than cars do. That is not only costing the environment in the future; it is also costing taxpayers now. A decade ago, the then Prime Minister Cameron’s “green crap” riddance resulted in uninsulated lofts and in cavity walls being left unfilled. Given that that decision is now adding billions in additional costs to taxpayers and making it harder to meet the 2030 decarbonisation target, can the Minister ask the Foreign Secretary whether he regrets it?

Amanda Solloway: We are investing in making sure that homes are insulated and energy efficient. It is worth pointing out that between 1990 and 2021 the UK cut emissions by 48%, while growing the economy by more than 70%. I can, of course, pass on the hon. Gentleman’s message to the Foreign Secretary.

Points of Order

Peter Dowd: On a point of order, Madam Deputy Speaker. I would appreciate any advice you can give me on a matter of great interest and concern to my constituents. It relates to the attitude of National Highways officials in the north-west office. A freedom of information request revealed several emails that, in my view, show a worrying lack of candour and transparency in National Highways’ dealings with me in relation to the replacement of a footbridge on a major road in my constituency. In particular, I have been accused of “whipping up a frenzy” among my constituents in relation to that important safety matter—I am doing my job, not whipping up a frenzy. Any advice from you would be welcome.

Rosie Winterton: I thank the hon. Gentleman for giving me notice of his point of order. I certainly agree that he, or any other Member, should not be criticised for pursuing issues of concern to their constituents. The hon. Gentleman has put his concerns on the record, and I believe the Minister may wish to make a quick point.

Guy Opperman: Further to that point of order, Madam Deputy Speaker. The hon. Member for Bootle (Peter Dowd) was kind enough to notify me of his intention to make a point of order and I have already begun the process of looking into it. It is fair to say that he is a friend of mine, although I know that many will hold that against him. He is merely doing his job, and I will make sure that that continues.

Rosie Winterton: I was about to say that the hon. Gentleman might want to consider raising the issue with Ministers, but that has already happened. I am grateful to the Minister, and I am sure that the issue will be considered between the two of them.

Caroline Lucas: On a point of order, Madam Deputy Speaker. I was very grateful to Mr Speaker for granting my urgent question, but do you have any advice on what can be done when a Minister simply refuses to answer a single question and essentially abuses the procedures of the House? I asked 12 questions in good faith. The Minister was on her feet for 49 seconds, during which time we learned that the Secretary of State is at COP, that there is a Department for Energy Security and Net Zero, and that the Minister’s granddaughter cares a lot about the planet. That is all very fascinating but it did not answer a single one of my questions. How can we do our jobs as Members holding the Government to account when Ministers can stand at the Dispatch Box for 49 seconds and not answer a single question on an issue deemed worthy of an urgent question?

Rosie Winterton: I thank the hon. Lady for her point of order, but I am not responsible for the answers given by Ministers. I believe the Minister would like to say something.

Amanda Solloway: Further to that point of order, Madam Deputy Speaker. I believed  that I had answered most of the questions the hon. Lady asked in my opening remarks. My understanding was that I was to give a short response. If there is anything I have not responded to, I am happy to respond in writing. My right hon. Friend the Member for Suffolk Coastal (Dr Coffey) made the important point that there have been previous debates on this issue, and I suggest that if the hon. Lady had turned up to those debates, she would have been able to have a fuller—[Hon. Members: “Hear, hear.”]

Rosie Winterton: Order. I thank the Minister for that response. Both the hon. Lady and the Minister have put their views on the record. I am sure that there will be further opportunities after the summit for the issues to be discussed.

Caroline Lucas: rose—

Rosie Winterton: I do not want to prolong this exchange, but I will allow a very brief point.

Caroline Lucas: On the point made by the right hon. Member for Suffolk Coastal (Dr Coffey) and just now by the Minister, they will know that there is one person representing my party and I cannot be in two places at once—I am working on it! There are 350 Conservative Members, and just one Back Bencher was at the debate last week. I suggest that they look at getting their own house in order before criticising this side.

Rosie Winterton: This is getting way beyond anything resembling a point of order, so we should move on swiftly.

Bill Presented

Post Office (Horizon System) Compensation Bill

Presentation and First Reading (Standing Order No. 57)
Secretary Kemi Badenoch, supported by the Prime Minister, Secretary Oliver Dowden, Secretary James Cleverly, Secretary Grant Shapps, Secretary Alex Chalk, Secretary Michelle Donelan, Secretary Michael Gove, Secretary Mel Stride and Secretary Alister Jack, presented a Bill to provide for the payment out of money provided by Parliament of expenditure incurred by the Secretary of State under, or in connection with, schemes or other arrangements to compensate persons affected by the Horizon system and in respect of other matters identified in legal proceedings relating to the Horizon system.
Bill read the First time; to be read a Second time tomorrow, and to be printed (Bill 16) with explanatory notes (Bill 16-EN).

Data Protection and Digital  Information Bill

Bill to be considered

Rosie Winterton: Mr Speaker has selected the recommittal motion in the name of Sir Chris Bryant. I call him to move the motion.

Chris Bryant: I beg to move,
That the Bill be re-committed to a Public Bill Committee.
First, I wish to briefly refer to the death yesterday morning of my predecessor as Member of Parliament for Rhondda, Allan Rogers. I know that many Members found him a good colleague to work with, and I believe that he spent many hours on the Channel Tunnel Act 1987. I sometimes think that the people who do such Bills on behalf of all of us deserve a medal. I am sure the whole House sends its best regards and deepest condolences to his family.
Our core job as Members of Parliament is the scrutiny of legislation, teasing out whether a proposal will do what it says, whether it is necessary and proportionate, and whether it has public support. The Government have had total control of the Order Paper since 1902, so we can do that job properly only if the Government get their act together and play ball. That is what enables the line-by-line consideration of the laws that bind us. It is what makes us a functioning democracy. We need to send the Bill back to Committee because we simply cannot do that job properly today.
Let us recall how we got here. A first version of the Data Protection and Digital Information Bill was introduced by the previous Member for Mid Bedfordshire on 18 July 2022. It was such a mess that it never even made it to Second Reading. Nadine Dorries was sacked in September last year, and six months later the Bill was sacked as well, to be replaced by a new and improved No. 2 Bill, which had its Second Reading on 17 April and completed its Committee stage on 24 May. That was 190 days ago.
I do not know what has prompted all the delay. Was it the general chaos in Government? Perhaps the Government do not fully understand the term “with immediate effect”. I like the Minister, and I have known and worked with him on many different issues for many years. I had a meeting with him and his officials on Thursday 16 November. He told me then that on Report the Government would table only a few minor and technical amendments to the Bill, which he hoped everyone would be able to agree fairly easily.
On the last available day, 182 days after Committee, the Government brought out 240 amendments. Some are indeed minor and technical, but many are very significant. They strike to the heart of the independence of the new Information Commission, they alter the rights of the public in making subject access requests, and they amend our system in a way that may or may not enhance our data adequacy with the US and the European Union and therefore British businesses’ ability to rely on UK legislation to trade overseas. In some instances, they give very extensive new powers to Ministers, and they introduce completely new topics that have never been previously mooted, debated or scrutinised  by Parliament in relation to this Bill, which already has more baubles on it than the proverbial Christmas tree. The end result is that we have 156 pages of amendments to consider today in a single debate.
Yes, we could have tabled amendments to the Government amendments, but they would not have been selectable, and we would not have been able to vote on them. So the way the Government have acted, whether knowingly, recklessly or incompetently, means that the Commons cannot carry out line-by-line consideration of what will amount to more than 90 pages of new laws, 38 new clauses and two new schedules, one of which is 19 pages long. Some measures will barely get a minute’s consideration today. That is not scrutiny; it is a blank cheque.
Yesterday, I made a generous offer to the Minister for Disabled People, Health and Work, the hon. Member for Corby (Tom Pursglove), who is sitting on the Front Bench and whom I also like. We recognise that some of the issues need to be addressed, so we said: “Recommit the Bill so we can help you get this right in the Commons, and we will commit to have it out of Committee in a fortnight. It could go to the Lords with all parties’ support by Christmas.”
Let me repeat: this is no way to scrutinise a Bill, particularly one that gives the Government sweeping powers and limits the rights of our fellow citizens, the public. Sadly, it is part of a growing trend, but “legislate at speed, repent at leisure” should not be our motto. Some will say something that is commonly said these days: “Let it go through to the Lords so they can amend it.” But I am sick of abdicating responsibility for getting legislation right. It is our responsibility. We should not send Bills through that are, at best, half-considered. We are the elected representatives. We cannot just pass the parcel to the Lords. We need to do our job properly. We cannot do that today without recommitting the Bill.

John Whittingdale: I begin by joining the hon. Member for Rhondda (Sir Chris Bryant) in expressing the condolences of the House to his predecessor, Allan Rogers. He served as a Member of Parliament during my first nine years in this place. I remember him as an assiduous constituency Member of Parliament, and I am sure we all share the sentiments expressed by the hon. Gentleman.
It is a pleasure to return to the Dispatch Box to lead the House through Report stage of the Bill. We spent considerable time discussing it in Committee, but the hon. Gentleman was not in his post at that time. I welcome him to his position. He may regret that he missed out on Committee stage, which makes him keen to return to it today.
The Bill is an essential piece of legislation that will update the UK’s data laws, making them among the most effective in the world. We scrutinised it in depth in Committee. The hon. Gentleman is right that the Government have tabled a number of amendments for the House to consider today, and he has done the same. The vast majority are technical, and the number sounds large because a lot are consequential on original amendments. One or two address new aspects, and  I will be happy to speak to those as we go through them during this afternoon’s debate. Nevertheless, they represent important additions to the Bill.
The Minister for Disabled People, Health and Work, my hon. Friend the Member for Corby (Tom Pursglove), who is sitting next to me, has drawn the House’s attention to the fact that amending the Bill to allow the Department for Work and Pensions access to financial data will make a significant contribution to identifying fraud. I would have thought that the Opposition would welcome that. It is not a new measure; it was contained in the fraud plan that the Government published back in May 2022. The Government have been examining that measure, and we have always made it clear that we would bring it forward at an appropriate parliamentary time when a vehicle was available. This is a data Bill, and the measure is specific to it. We estimate that it will result in a saving to the taxpayer of around £500 million by the end of 2028-29. I am surprised that the Opposition should question that.
As I said, the Bill has been considered at length in Committee. It is important that we consider it on Report, in order that it achieve the next stage of its progress through Parliament. On that basis, I reject the motion.
Question put.

The House divided: Ayes 209, Noes 275.
Question accordingly negatived.

New Clause 6 - Processing in reliance on  relevant international law

“(1) The UK GDPR is amended in accordance with subsections (2) to (5).
(2) In Article 6(3) (lawfulness of processing: basis in domestic law)—
(a) in the first subparagraph, omit “and (e)”,
(b) after that subparagraph insert—
“The basis for the processing referred to in point (e) of paragraph 1 must be laid down by domestic law or relevant international law (see section 9A of the 2018 Act).”
(c) in the last subparagraph, in the last sentence, after “domestic law” insert “or relevant international law”.
(3) In Article 8A(3)(e) (purpose limitation: further processing necessary to safeguard an objective listed in Article 23(1)) (inserted by section 6 of this Act), at the end insert “or by relevant international law (see section 9A of the 2018 Act)”.
(4) In Article 9 (processing of special categories of personal data)—
(a) in paragraph 2(g) (substantial public interest), after “domestic law” insert “, or relevant international law,”, and
(b) in paragraph 5, before point (a) insert—
“(za) section 9A makes provision about when the requirement in paragraph 2(g) of this Article for a basis in relevant international law is met;”
(5) In Article 10 (processing of personal data relating to criminal convictions and offences)—
(a) in paragraph 1, after “domestic law” insert “, or relevant international law,”, and
(b) in paragraph 2, before point (a) insert—
“(za) section 9A makes provision about when the requirement in paragraph 1 of this Article for authorisation by relevant international law is met;”
(6) The 2018 Act is amended in accordance with subsections (7) and (8).
(7) Before section 10 (and the italic heading before that section) insert—
“Relevant international law
9A Processing in reliance on relevant international law
(1) Processing of personal data meets the requirement in Article 6(3), 8A(3)(e), 9(2)(g) or 10(1) of the UK GDPR for a basis in, or authorisation by, relevant international law only if it meets a condition in Schedule A1.
(2) A condition in Schedule A1 may be relied on for the purposes of any of those provisions, unless that Schedule provides otherwise.
(3) The Secretary of State may by regulations amend Schedule A1 by adding, varying or omitting—
(a) conditions,
(b) provision about the purposes for which a condition may be relied on, and
(c) safeguards in connection with processing carried out in reliance on a condition in the Schedule.
(4) Regulations under this section may only add a condition relating entirely or partly to a treaty ratified by the United Kingdom.
(5) Regulations under this section are subject to the affirmative resolution procedure.
(6) In this section, “treaty” and “ratified” have the same meaning as in Part 2 of the Constitutional Reform and Governance Act 2010 (see section 25 of that Act).”
(8) Before Schedule 1 insert—

“Schedule A1 - Processing in reliance on relevant  international law

This condition is met where the processing is necessary for the purposes of responding to a request made in accordance with the Agreement between the Government of the United Kingdom of Great Britain and Northern Ireland and the Government of the United States of America on Access to Electronic Data for the Purpose of Countering Serious Crime, signed on 3 October 2019.””—(Sir John Whittingdale.)
This new clause provides expressly that, for the purposes of satisfying requirements in Articles 6(1)(e), 8A(3)(e), 9(2)(g) and 10(1) of the UK GDPR, a controller or processor may rely on processing having a basis in, or being authorised by, certain international law.
Brought up, and read the First time.
1.37 pm

John Whittingdale: I beg to move, That the clause be read a Second time.

Rosie Winterton: With this it will be convenient to discuss the following:
Government new clause 48—Processing of personal data revealing political opinions.
Government new clause 7—Searches in response to data subjects’ requests.
Government new clause 8—Notices from the Information Commissioner.
Government new clause 9—Court procedure in connection with subject access requests.
Government new clause 10—Approval of a supplementary code.
Government new clause 11—Designation of a supplementary code.
Government new clause 12—List of recognised supplementary codes.
Government new clause 13—Change to conditions for approval or designation.
Government new clause 14—Revision of a recognised supplementary code.
Government new clause 15—Applications for approval and re-approval.
Government new clause 16—Fees for approval, re-approval and continued approval.
Government new clause 17—Request for withdrawal of approval.
Government new clause 18—Removal of designation.
Government new clause 19—Registration of additional services.
Government new clause 20—Supplementary notes.
Government new clause 21—Addition of services to supplementary notes.
Government new clause 22—Duty to remove services from the DVS register.
Government new clause 23—Duty to remove supplementary notes from the DVS register.
Government new clause 24—Duty to remove services from supplementary notes.
Government new clause 25—Index of defined terms for Part 2.
Government new clause 26—Powers relating to verification of identity or status.
Government new clause 27—Interface bodies.
Government new clause 28—The FCA and financial services interfaces.
Government new clause 29—The FCA and financial services interfaces: supplementary.
Government new clause 30—The FCA and financial services interfaces: penalties and levies.
Government new clause 31—Liability and damages.
Government new clause 32—Other data provision.
Government new clause 33—Duty to notify the Commissioner of personal data breach: time periods.
Government new clause 34—Power to require information for social security purposes.
Government new clause 35—Retention of information by providers of internet services in connection with death of child.
Government new clause 36—Retention of biometric data and recordable offences.
Government new clause 37—Retention of pseudonymised biometric data.
Government new clause 38—Retention of biometric data from INTERPOL.
Government new clause 39—National Underground Asset Register.
Government new clause 40—Information in relation to apparatus.
Government new clause 41—Pre-commencement consultation.
Government new clause 42—Transfer of certain functions of Secretary of State.
New clause 1—Processing of data in relation to a case-file prepared by the police service for submission to the Crown Prosecution Service for a charging decision—
“(1) The 2018 Act is amended in accordance with subsection (2).
(2) In the 2018 Act, after section 40 insert—
“40A Processing of data in relation to a case-file prepared by the police service for submission to the Crown Prosecution Service for a charging decision
(1) This section applies to a set of processing operations consisting of the preparation of a case-file by the police service for submission to the Crown Prosecution Service for a charging decision, the making of a charging decision by the Crown Prosecution Service, and the return of the case-file by the Crown Prosecution Service to the police service after a charging decision has been made.
(2) The police service is not obliged to comply with the first data protection principle except insofar as that principle requires processing to be fair, or the third data protection principle, in preparing a case-file for submission to the Crown Prosecution Service for a charging decision.
(3) The Crown Prosecution Service is not obliged to comply with the first data protection principle except insofar as that principle requires processing to be fair, or the third data protection principle, in making a charging decision on a case-file submitted for that purpose by the police service.
(4) If the Crown Prosecution Service decides that a charge will not be pursued when it makes a charging decision on a case-file submitted for that purpose by   the police service it must take all steps reasonably required to destroy and delete all copies of the case-file in its possession.
(5) If the Crown Prosecution Service decides that a charge will be pursued when it makes a charging decision on a case-file submitted for that purpose by the police service it must return the case-file to the police service and take all steps reasonably required to destroy and delete all copies of the case-file in its possession.
(6) Where the Crown Prosecution Service decides that a charge will be pursued when it makes a charging decision on a case-file submitted for that purpose by the police service and returns the case-file to the police service under subsection (5), the police service must comply with the first data protection principle and the third data protection principle in relation to any subsequent processing of the data contained in the case-file.
(7) For the purposes of this section—
(a) The police service means—
(i) constabulary maintained by virtue of an enactment, or
(ii) subject to section 126 of the Criminal Justice and Public Order Act 1994 (prison staff not to be regarded as in police service), any other service whose members have the powers or privileges of a constable.
(b) The preparation of, or preparing, a case-file by the police service for submission to the Crown Prosecution Service for a charging decision includes the submission of the file.
(c) A case-file includes all information obtained by the police service for the purpose of preparing a case-file for submission to the Crown Prosecution Service for a charging decision.””
This new clause adjusts Section 40 of the Data Protection Act 2018 to exempt the police service and the Crown Prosecution Service from the first and third data protection principles contained within the 2018 Act so that they can share unredacted data with one another when making a charging decision.
New clause 2—Common standards and timeline for implementation—
“(1) Within one month of the passage of this Act, the Secretary of State must by regulations require those appointed as decision-makers to create, publish and update as required open and common standards for access to customer data and business data.
(2) Standards created by virtue of subsection (1) must be interoperable with those created as a consequence of Part 2 of the Retail Banking Market Investigation Order 2017, made by the Competition and Markets Authority.
(3) Regulations under section 66 and 68 must ensure interoperability of customer data and business data with standards created by virtue of subsection (1).
(4) Within one month of the passage of this Act, the Secretary of State must publish a list of the sectors to which regulations under section 66 and section 68 will apply within three years of the passage of the Act, and the date by which those regulations will take effect in each case.”
This new clause, which is intended to be placed in Part 3 (Customer data and business data) of the Bill, would require interoperability across all sectors of the economy in smart data standards, including the Open Banking standards already in effect, and the publication of a timeline for implementation.
New clause 3—Provision about representation of data subjects—
“(1) Section 190 of the Data Protection Act 2018 is amended as follows.
(2) In subsection (1), leave out “After the report under section 189(1) is laid before Parliament, the Secretary of State may” and insert “The Secretary of State must, within three months of the passage of the Data Protection and Digital Information Act 2024,”.”
This new clause would require the Secretary of State to exercise powers under s190 DPA2018 to allow organisations to raise data breach complaints on behalf of data subjects generally, in the absence of a particular subject who wishes to bring forward a claim about misuse of their own personal data.
New clause 4—Review of notification of changes of circumstances legislation—
“(1) The Secretary of State must commission a review of the operation of the Social Security (Notification of Changes of Circumstances) Regulations 2010.
(2) In conducting the review, the designated reviewer must—
(a) consider the current operation and effectiveness of the legislation;
(b) identify any gaps in its operation and provisions;
(c) consider and publish recommendations as to how the scope of the legislation could be expanded to include non-public sector, voluntary and private sector holders of personal data.
(3) In undertaking the review, the reviewer must consult—
(a) specialists in data sharing;
(b) people and organisations who campaign for the interests of people affected by the legislation;
(c) people and organisations who use the legislation;
(d) any other persons and organisations the review considers appropriate.
(4) The Secretary of State must lay a report of the review before each House of Parliament within six months of this Act coming into force.”
This new clause requires a review of the operation of the “Tell Us Once” programme, which seeks to provide simpler mechanisms for citizens to pass information regarding births and deaths to government, and consideration of whether the progress of “Tell Us Once” could be extended to non-public sector holders of data.
New clause 5—Definition of “biometric data”—
“Article 9 of the UK GDPR is amended by the omission, in paragraph 1, of the words “for the purpose of uniquely identifying a natural person”.”
This new clause would amend the UK General Data Protection Regulation to extend the protections currently in place for biometric data for identification to include biometric data for the purpose of classification.
New clause 43—Right to use non-digital verification services—
“(1) This section applies when an organisation—
(a) requires an individual to use a verification service, and
(b) uses a digital verification service for that purpose.
(2) The organisation—
(a) must make a non-digital alternative method of verification available to any individual required to use a verification service, and
(b) must provide information about digital and non-digital methods of verification to those individuals before verification is required.”
This new clause, which is intended for insertion into Part 2 of the Bill (Digital verification services), creates the right for data subjects to use non-digital identity verification services as an alternative to digital verification services, thereby preventing digital verification from becoming mandatory in certain settings.
New clause 44—Transfer of functions to the Investigatory Powers Commissioner’s Office—
“The functions of the Surveillance Camera Commissioner are transferred to the Investigatory Powers Commissioner.”
New clause 45—Interoperability of data and collection of comparable healthcare statistics across the UK—
“(1) The Health and Social Care Act 2012 is amended as follows.
(2) After section 250, insert the following section—
“250A Interoperability of data and collection of comparable healthcare statistics across the UK
(1) The Secretary of State must prepare and publish an information standard specifying binding data interoperability requirements which apply across the whole of the United Kingdom.
(2) An information standard prepared and published under this section—
(a) must include guidance about the implementation of the standard;
(b) may apply to any public body which exercises functions in connection with the provision of health services anywhere in the United Kingdom.
(3) A public body to which an information standard prepared and published under this section applies must have regard to the standard.
(4) The Secretary of State must report to Parliament each year on progress on the implementation of an information standard prepared in accordance with this section.
(5) For the purposes of this section—
“health services” has the same meaning as in section 250 of this Act, except that for “in England” there is substituted “anywhere in the United Kingdom”, and “the health service” in parts of the United Kingdom other than England has the meaning given by the relevant statute of that part of the United Kingdom;
“public body” has the same meaning as in section 250 of this Act.”
(3) In section 254 (Powers to direct NHS England to establish information systems), after subsection (2), insert—
“(2A) The Secretary of State must give a direction under subsection (1) directing NHS England to collect and publish information about healthcare performance and outcomes in all parts of the United Kingdom in a way which enables comparison between different parts of the United Kingdom.
(2B) Before giving a direction by virtue of subsection (2A), the Secretary of State must consult—
(a) the bodies responsible for the collection and publication of official statistics in each part of the United Kingdom,
(b) Scottish Ministers,
(c) Welsh Ministers, and
(d) Northern Ireland departments.
(2C) The Secretary of State may not give a direction by virtue of subsection (2A) unless a copy of the direction has been laid before, and approved by resolution of, both Houses of Parliament.
(2D) Scottish Ministers, Welsh Ministers and Northern Ireland departments must arrange for the information relating to the health services for which they have responsibility described in the direction given by virtue of subsection (2A) to be made available to NHS England in accordance with the direction.
(2E) For the purposes of a direction given by virtue of subsection (2A), the definition of “health and social care body” given in section 259(11) applies as if for “England” there were substituted “the United Kingdom”.””
New clause 46—Assessment of impact of Act on EU adequacy—
“(1) Within six months of the passage of this Act, the Secretary of State must carry out an assessment of the impact of the Act on EU adequacy, and lay a report of that assessment before both Houses of Parliament.
(2) The report must assess the impact on—
(a) data risk, and
(b) small and medium-sized businesses.
(3) The report must quantify the impact of the Act in financial terms.”
New clause 47—Review of the impact of the Act on anonymisation and the identifiability of data subjects—
“(1) Within six months of the passage of this Act, the Secretary of State must lay before Parliament the report of an assessment of the impact of the measures in the Act on anonymisation and the identifiability of data subjects.
(2) The report must include a comparison between the rights afforded to data subjects under this Act with those afforded to data subjects by the EU General Data Protection Regulation.”
Amendment 278, in clause 5, page 6, line 15, leave out paragraphs (b) and (c).
This amendment and Amendment 279 would remove the power for the Secretary of State to create pre-defined and pre-authorised “recognised legitimate interests”, for data processing. Instead, the current test would continue to apply in which personal data can only be processed in pursuit of a legitimate interest, as balanced with individual rights and freedoms.
Amendment 279, page 6, line 23, leave out subsections (4), (5) and (6).
See explanatory statement to Amendment 278.
Amendment 230, page 7, leave out lines 1 and 2 and insert—
“8. The Secretary of State may not make regulations under paragraph 6 unless a draft of the regulations has been laid before both Houses of Parliament for the 60-day period.
8A. The Secretary of State must consider any representations made during the 60-day period in respect of anything in the draft regulations laid under paragraph 8.
8B. If, after the end of the 60-day period, the Secretary of State wishes to proceed to make the regulations, the Secretary of State must lay before Parliament a draft of the regulations (incorporating any changes the Secretary of State considers appropriate pursuant to paragraph 8A).
8C. Draft regulations laid under paragraph 8B must, before the end of the 40-day period, have been approved by a resolution of each House of Parliament.
8D. In this Article—
“the 40-day period” means the period of 40 days beginning on the day on which the draft regulations mentioned in paragraph 8 are laid before Parliament (or, if it is not laid before each House of Parliament on the same day, the later of the days on which it is laid);
“the 60-day period” means the period of 60 days beginning on the day on which the draft regulations mentioned in paragraph 8B are laid before Parliament (or, if it is not laid before each House of Parliament on the same day, the later of the days on which it is laid).
8E. When calculating the 40-day period or the 60-day period for the purposes of paragraph 8D, ignore any period during which Parliament is dissolved or prorogued or during which both Houses are adjourned for more than 4 days.”
This amendment would make regulations made in respect of recognised legitimate interest subject to a super-affirmative Parliamentary procedure.
Amendment 11, page 7, line 12, at end insert—
““internal administrative purposes” , in relation to special category data, means the conditions set out for lawful processing in paragraph 1 of Schedule 1 of the Data Protection Act 2018.”
This amendment clarifies that the processing of special category data in employment must follow established principles for reasonable processing, as defined by paragraph 1 of Schedule 1 of the Data Protection Act 2018.
Government amendment 252.
Amendment 222, page 10, line 8, leave out clause 8.
Amendment 3, in clause 8, page 10, leave out line 31.
This amendment would mean that the resources available to the controller could not be taken into account when determining whether a request is vexatious or excessive.
Amendment 2, page 11, line 34, at end insert—
“(6A) When informing the data subject of the reasons for not taking action on the request in accordance with subsection (6), the controller must provide evidence of why the request has been treated as vexatious or excessive.”
This amendment would require the data controller to provide evidence of why a request has been considered vexatious or excessive if the controller is refusing to take action on the request.
Government amendment 17.
Amendment 223, page 15, line 22, leave out clause 10.
Amendment 224, page 18, line 7, leave out clause 12.
Amendment 236, in clause 12, page 18, line 21, at end insert—
“(c) a data subject is an identified or identifiable individual who is affected by a significant decision, irrespective of the direct presence of their personal data in the decision-making process.”
This amendment would clarify that a “data subject” includes identifiable individuals who are subject to data-based and automated decision-making, whether or not their personal data is directly present in the decision-making process.
Amendment 232, page 19, line 12, leave out “solely” and insert “predominantly”.
This amendment would mean safeguards for data subjects’ rights, freedoms and legitimate interests would have to be in place in cases where a significant decision in relation to a data subject was taken based predominantly, rather than solely, on automated processing.
Amendment 5, page 19, line 12, after “solely” insert “or partly”.
This amendment would mean that the protections provided for by the new Article 22C would apply where a decision is based either solely or partly on automated processing, not only where it is based solely on such processing.
Amendment 233, page 19, line 18, at end insert
“including the reasons for the processing.”
This amendment would require data controllers to provide the data subject with the reasons for the processing of their data in cases where a significant decision in relation to a data subject was taken based on automated processing.
Amendment 225, page 19, line 18, at end insert—
“(aa) require the controller to inform the data subject when a decision described in paragraph 1 has been taken in relation to the data subject;”.
Amendment 221, page 20, line 3, at end insert—
“7. When exercising the power to make regulations under this Article, the Secretary
of State must have regard to the following statement of principles:
Digital information principles at work
1. People should have access to a fair, inclusive and trustworthy digital environment
at work.
2. Algorithmic systems should be designed and used to achieve better outcomes:
to make work better, not worse, and not for surveillance. Workers and their
representatives should be involved in this process.
3. People should be protected from unsafe, unaccountable and ineffective
algorithmic systems at work. Impacts on individuals and groups must be assessed
in advance and monitored, with reasonable and proportionate steps taken.
4. Algorithmic systems should not harm workers’ mental or physical health, or
integrity.
5. Workers and their representatives should always know when an algorithmic
system is being used, how and why it is being used, and what impacts it may
have on them or their work.
6. Workers and their representatives should be involved in meaningful consultation
before and during use of an algorithmic system that may significantly impact
work or people.
7. Workers should have control over their own data and digital information collected
about them at work.
8. Workers and their representatives should always have an opportunity for human
contact, review and redress when an algorithmic system is used at work where
it may significantly impact work or people. This includes a right to a written
explanation when a decision is made.
9. Workers and their representatives should be able to use their data and digital
technologies for contact and association to improve work quality and conditions.
10. Workers should be supported to build the information, literacy and skills needed
to fulfil their capabilities through work transitions.”
This amendment would insert into new Article 22D of the UK GDPR a requirement for the Secretary of State to have regard to the statement of digital information principles at work when making regulations about automated decision-making.
Amendment 4, in clause 15, page 25, line 4, at end insert
“(including in the cases specified in sub-paragraphs (a) to (c) of paragraph 3 of Article 35)”.
This amendment, together with Amendment 1, would provide a definition of what constitutes “high risk processing” for the purposes of applying Articles 27A, 27B and 27C, which require data controllers to designate, and specify the duties of, a “senior responsible individual” with responsibility for such processing.
Government amendments 18 to 44.
Amendment 12, in page 32, line 7, leave out clause 17.
This amendment keeps the current requirement on police in the Data Protection Act 2018 to justify why they have accessed an individual’s personal data.
Amendment 1, in clause 18, page 32, line 18, leave out paragraph (c) and insert—
“(c) omit paragraph 2,
(ca) in paragraph 3—
(i) for “data protection” substitute “high risk processing”,
(ii) in sub-paragraph (a), for “natural persons” substitute “individuals”,
(iii) in sub-paragraph (a) for “natural person” substitute “individual” in both places where it occurs,
(cb) omit paragraphs 4 and 5,”.
This amendment would leave paragraph 3 of Article 35 of the UK GDPR in place (with amendments reflecting amendments made by the Bill elsewhere in the Article), thereby ensuring that there is a definition of “high risk processing” on the face of the Regulation.
Amendment 226, page 39, line 38, leave out clause 26.
Amendment 227, page 43, line 2, leave out clause 27.
Amendment 228, page 46, line 32, leave out clause 28.
Government amendment 45.
Amendment 235, page 57, line 29, leave out clause 34.
This amendment would leave in place the existing regime, which refers to “manifestly unfounded” or excessive requests to the Information Commissioner, rather than the proposed change to “vexatious” or excessive requests.
Government amendments 46 and 47.
Amendment 237, in clause 48, page 77, line 4, leave out “individual” and insert “person”.
This amendment and Amendments 238 to 240 are intended to enable the digital verification services covered by the Bill to include verification of organisations as well as individuals.
Amendment 238, page 77, line 5, leave out “individual” and insert “person”.
See explanatory statement to Amendment 237.
Amendment 239, page 77, line 6, leave out “individual” and insert “person”.
See explanatory statement to Amendment 237.
Amendment 240, page 77, line 7, leave out “individual” and insert “person”.
See explanatory statement to Amendment 237.
Amendment 241, page 77, line 8, at end insert (on new line)—
“and the facts which may be so ascertained, verified or confirmed may include the fact that an individual has a claimed connection with a legal person.”
This amendment would ensure that the verification services covered by the Bill will include verification that an individual has a claimed connection with a legal person.
Government amendments 48 to 50.
Amendment 280, in clause 49, page 77, line 13, at end insert—
“(2A) The DVS trust framework must include a description of how the provision of digital verification services is expected to uphold the Identity Assurance Principles.
(2B) Schedule (Identity Assurance Principles) describes each Identity Assurance Principle and its effect.”
Amendment 281, page 77, line 13, at end insert—
“(2A) The DVS trust framework must allow valid attributes to be protected by zero-knowledge proof and other decentralised technologies, without restriction upon how and by whom those proofs may be held or processed.”
Government amendments 51 to 66.
Amendment 248, in clause 52, page 79, line 7, at end insert—
“(1A) A determination under subsection (1) may specify an amount which is tiered to the size of the person and its role as specified in the DVS trust framework.”
This amendment would enable fees for application for registration in the DVS register to be determined on the basis of the size and role of the organisation applying to be registered.
Amendment 243, page 79, line 8, after “may”, insert “not”.
This amendment would provide that the fee for application for registration in the DVS register could not exceed the administrative costs of determining the application.
Government amendment 67.
Amendment 244, page 79, line 13, after “may”, insert “not”.
This amendment would provide that the fee for continued registration in the DVS register could not exceed the administrative costs of that registration.
Government amendment 68.
Amendment 245, page 79, line 21, at end insert—
“(10) The fees payable under this section must be reviewed every two years by the National Audit Office.”
This amendment would provide that the fees payable for DVS registration must be reviewed every two years by the NAO.
Government amendments 69 to 77.
Amendment 247, in clause 54, page 80, line 38, after “person”, insert “or by other parties”.
This amendment would enable others, for example independent experts, to make representations about a decision to remove a person from the DVS register, as well as the person themselves.
Amendment 246, page 81, line 7, at end insert—
“(11) The Secretary of State may not exercise the power granted by subsection (1) until the Secretary of State has consulted on proposals for how a decision to remove a person from the DVS register will be reached, including—
(a) how information will be collected from persons impacted by a decision to remove the person from the register, and from others;
(b) how complaints will be managed;
(c) how evidence will be reviewed;
(d) what the burden of proof will be on which a decision will be based.”
This amendment would provide that the power to remove a person from the DVS register could not be exercised until the Secretary of State had consulted on the detail of how a decision to remove would be reached.
Government amendments 78 to 80.
Amendment 249, in clause 62, page 86, line 17, at end insert—
“(3A) A notice under this section must give the recipient of the notice an opportunity to consult the Secretary of State on the content of the notice before providing the information required by the notice.”
This amendment would provide an option for consultation between the Secretary of State and the recipient of an information notice before the information required by the notice has to be provided.
Government amendment 81.
Amendment 242, in clause 63, page 87, line 21, leave out “may” and insert “must”.
This amendment would require the Secretary of State to make arrangements for a person to exercise the Secretary of State’s functions under this Part of the Bill, so that an independent regulator would perform the relevant functions and not the Secretary of State.
Amendment 250, in clause 64, page 87, line 34, at end insert—
“(1A) A report under subsection (1) must include a report on any arrangements made under section 63 for a third party to exercise functions under this Part.”
This amendment would require information about arrangements for a third party to exercise functions under this Part of the Bill to be included in the annual reports on the operation of the Part.
Government amendments 82 to 196.
Amendment 6, in clause 83, page 107, leave out from line 26 to the end of line 34 on page 108.
This amendment would leave out the proposed new regulation 6B of the PEC Regulations, which would enable consent to be given, or an objection to be made, to cookies automatically.
Amendment 217, page 109, line 20, leave out clause 86.
This amendment would leave out the clause which would enable the sending of direct marketing electronic mail on a “soft opt-in” basis.
Amendment 218, page 110, line 1, leave out clause 87.
This amendment would remove the clause which would enable direct marketing for the purposes of democratic engagement. See also Amendment 220.
Government amendments 253 to 255.
Amendment 219, page 111, line 6, leave out clause 88.
This amendment is consequential on Amendment 218.
Government amendments 256 to 265.
Amendment 7, in clause 89, page 114, line 12, at end insert—
“(2A) A provider of a public electronic communications service or network is not required to intercept or examine the content of any communication in order to comply with their duty under this regulation.”
This amendment would clarify that a public electronic communications service or network is not required to intercept or examine the content of any communication in order to comply with their duty to notify the Commissioner of unlawful direct marketing.
Amendment 8, page 117, line 3, at end insert—
“(5) In regulation 1—
(a) at the start, insert “(1)”;
(b) after “shall”, insert “save for regulation 26A”;
(c) at end, insert—
“(2) Regulation 26A comes into force six months after the Commissioner has published guidance under regulation 26C (Guidance in relation to regulation 26A).””
This amendment would provide for the new regulation 26A, Duty to notify Commissioner of unlawful direct marketing, not to come into force until six months after the Commissioner has published guidance in relation to that duty.
Government amendment 197.
Amendment 251, in clause 101, page 127, line 3, leave out “and deaths” and insert “, deaths and deed polls”.
This amendment would require deed poll information to be kept to the same standard as records of births and deaths.
Amendment 9, page 127, line 24, at end insert—
“(2A) After section 25, insert—
“25A Review of form in which registers are to be kept
(1) The Secretary of State must commission a review of the provisions of this Act and of related legislation, with a view to the creation of a single digital register of births and deaths.
(2) The review must consider and make recommendations on the effect of the creation of a single digital register on—
(a) fraud,
(b) data collection, and
(c) ease of registration.
(3) The Secretary of State must lay a report of the review before each House of Parliament within six months of this section coming into force.””
This amendment would insert a new section into the Births and Deaths Registration Act 1953 requiring a review of relevant legislation, with consideration of creating a single digital register for registered births and registered deaths and recommendations on the effects of such a change on reducing fraud, improving data collection and streamlining digital registration.
Government amendment 198.
Amendment 229, in clause 112, page 135, line 8, leave out subsections (2) and (3).
Amendment 10, in clause 113, page 136, line 35, leave out
“which allows or confirms the unique identification of that individual”.
This amendment would amend the definition of “biometric data” for the purpose of the oversight of law enforcement biometrics databases so as to extend the protections currently in place for biometric data for identification to include biometric data for the purpose of classification.
Government amendments 199 to 207.
Government new schedule 1—Power to require information for social security purposes.
Government new schedule 2—National Underground Asset Register: monetary penalties.
New schedule 3—Identity Assurance Principles—

“Part 1 - Definitions

1 These Principles are limited to the processing of Identity Assurance Data (IdA Data) in an Identity Assurance Service (e.g. establishing and verifying identity of a Service User; conducting a transaction that uses a user identity; maintaining audit requirements in relation a transaction associated with the use of a service that needs identity verification etc.). They do not cover, for example, any data used to deliver a service, or to measure its quality.
2 In the context of the application of the Identity Assurance Principles to an Identity Assurance Service, “Identity Assurance Data” (“IdA Data”) means any recorded information that is connected with a “Service User” including—
“Audit Data.” This includes any recorded information that is connected with any log or audit associated with an Identity Assurance Service.
“General Data.” This means any other recorded information which is not personal data, audit data or relationship data, but is still connected with a “Service User”.
“Personal Data.” This takes its meaning from the Data Protection Act 2018 or subsequent legislation (e.g. any recorded information that relates to a “Service User” who is also an identified or identifiable living individual).
“Relationship Data.” This means any recorded information that describes (or infers) a relationship between a “Service User”, “Identity Provider” or “Service Provider” with another “Service User”, “Identity Provider” or “Service Provider” and includes any cookie or program whose purpose is to supply a means through which relationship data are collected.
3 Other terms used in relation to the Principles are defined as follows—
“save-line2Identity Assurance Service.” This includes relevant applications of the technology (e.g. hardware, software, database, documentation) in the possession or control of any “Service User”, “Identity Provider” or “Service Provider” that is used to facilitate identity assurance activities; it also includes any IdA Data processed by that  technology or by an Identity Provider or by a Service Provider in the context of the Service; and any IdA Data processed by the underlying infrastructure for the purpose of delivering the IdA service or associated billing, management, audit and fraud prevention.
“Identity Provider.” This means the certified individual or certified organisation that provides an Identity Assurance Service (e.g. establishing an identity, verification of identity); it includes any agent of a certified Identity Provider that processes IdA data in connection with that Identity Assurance Service.
“Participant.” This means any “Identity Provider”, “Service Provider” or “Service User” in an Identity Assurance Service. A “Participant” includes any agent by definition.
“Processing.” In the context of IdA data means “collecting, using, disclosing, retaining, transmitting, copying, comparing, corroborating, correlating, aggregating, accessing” the data and includes any other operation performed on IdA data.
“Provider.” Includes both “Identity Provider” and/or “Service Provider”.
“Service Provider.” This means the certified individual or certified organisation that provides a service that uses an Identity Provider in order to verify identity of the Service User; it includes any agent of the Service Provider that processes IdA data from an Identity Assurance Service.
“Service User.” This means the person (i.e. an organisation (incorporated or not)) or an individual (dead or alive) who has established (or is establishing) an identity with an Identity Provider; it includes an agent (e.g. a solicitor, family member) who acts on behalf of a Service User with proper authority (e.g. a public guardian, or a Director of a company, or someone who possesses power of attorney). The person may be living or deceased (the identity may still need to be used once its owner is dead, for example by an executor).
“Third Party.” This means any person (i.e. any organisation or individual) who is not a “Participant” (e.g. the police or a Regulator).

Part 2 - The Nine Identity Assurance Principles

Any exemptions from these Principles must be specified via the “Exceptional Circumstances Principle”. (See Principle 9).
1 User Control Principle
Statement of Principle: “I can exercise control over identity assurance activities affecting me and these can only take place if I consent or approve them.”
1.1 An Identity Provider or Service Provider must ensure any collection, use or disclosure of IdA data in, or from, an Identity Assurance Service is approved by each particular Service User who is connected with the IdA data.
1.2 There should be no compulsion to use the Identity Assurance Service and Service Providers should offer alternative mechanisms to access their services. Failing to do so would undermine the consensual nature of the service.
2 Transparency Principle
Statement of Principle: “Identity assurance can only take place in ways I understand and when I am fully informed.”
2.1 Each Identity Provider or Service Provider must be able to justify to Service Users why their IdA data are processed. Ensuring transparency of activity   and effective oversight through auditing and other activities inspires public trust and confidence in how their details are used.
2.2 Each Service User must be offered a clear description about the processing of IdA data in advance of any processing. Identity Providers must be transparent with users about their particular models for service provision.
2.3 The information provided includes a clear explanation of why any specific information has to be provided by the Service User (e.g. in order that a particular level of identity assurance can be obtained) and identifies any obligation on the part of the Service User (e.g. in relation to the User’s role in securing his/her own identity information).
2.4 The Service User will be able to identify which Service Provider they are using at any given time.
2.5 Any subsequent and significant change to the processing arrangements that have been previously described to a Service User requires the prior consent or approval of that Service User before it comes into effect.
2.6 All procedures, including those involved with security, should be made publicly available at the appropriate time, unless such transparency presents a security or privacy risk. For example, the standards of encryption can be identified without jeopardy to the encryption keys being used.
3 Multiplicity Principle
Statement of Principle: “I can use and choose as many different identifiers or identity providers as I want to.”
3.1 A Service User is free to use any number of identifiers that each uniquely identifies the individual or business concerned.
3.2 A Service User can use any of his identities established with an Identity Provider with any Service Provider.
3.3 A Service User shall not be obliged to use any Identity Provider or Service Provider not chosen by that Service User; however, a Service Provider can require the Service User to provide a specific level of Identity Assurance, appropriate to the Service User’s request to a Service Provider.
3.4 A Service User can choose any number of Identity Providers and where possible can choose between Service Providers in order to meet his or her diverse needs. Where a Service User chooses to register with more than one Identity Provider, Identity Providers and Service Providers must not link the Service User’s different accounts or gain information about their use of other Providers.
3.5 A Service User can terminate, suspend or change Identity Provider and where possible can choose between Service Providers at any time.
3.6 A Service Provider does not know the identity of the Identity Provider used by a Service User to verify an identity in relation to a specific service. The Service Provider knows that the Identity Provider can be trusted because the Identity Provider has been certified, as set out in GPG43 – Requirements for Secure Delivery of Online Public Services (RSDOPS).
4 Data Minimisation Principle
Statement of Principle: “My interactions only use the minimum data necessary to meet my needs.”
4.1 Identity Assurance should only be used where a need has been established and only to the appropriate minimum level of assurance.
4.2 Identity Assurance data processed by an Identity Provider or a Service Provider to facilitate a request of a Service User must be the minimum necessary in order to fulfil that request in a secure and auditable manner.
4.3 When a Service User stops using a particular Identity Provider, their data should be deleted. Data should be retained only where required for specific targeted fraud, security or other criminal investigation purposes.
5 Data Quality Principle
Statement of Principle: “My interactions only use the minimum data necessary to meet my needs.”
5.1 Service Providers should enable Service Users (or authorised persons, such as the holder of a Power of Attorney) to be able to update their own personal data, at a time at their choosing, free of charge and in a simple and easy manner.
5.2 Identity Providers and Service Providers must take account of the appropriate level of identity assurance required before allowing any updating of personal data.
6 Service User Access and Portability Principle
Statement of Principle: “I have to be provided with copies of all of my data on request; I can move/remove my data whenever I want.”
6.1 Each Identity Provider or Service Provider must allow, promptly, on request and free of charge, each Service User access to any IdA data that relates to that Service User.
6.2 It shall be unlawful to make it a condition of doing anything in relation to a Service User to request or require that Service User to request IdA data.
6.3 The Service User must be able to require an Identity Provider to transfer his personal data, to a second Identity Provider in a standard electronic format, free of charge and without impediment or delay.
7 Certification Principle
Statement of Principle: “I can have confidence in the Identity Assurance Service because all the participants have to be certified against common governance requirements.”
7.1 As a baseline control, all Identity Providers and Service Providers will be certified against a shared standard. This is one important way of building trust and confidence in the service.
7.2 As part of the certification process, Identity Providers and Service Providers are obliged to co-operate with the independent Third Party and accept their impartial determination and to ensure that contractual arrangements—
• reinforce the application of the Identity Assurance Principles
• contain a reference to the independent Third Party as a mechanism for dispute resolution.
7.3 In the context of personal data, certification procedures include the use of Privacy Impact Assessments, Security Risk Assessments, Privacy by Design concepts and, in the context of information security, a commitment to using appropriate technical measures (e.g. encryption) and ever improving security management. Wherever possible, such certification processes and security procedures reliant on technical devices should be made publicly available at the appropriate time.
7.4 All Identity Providers and Service Providers will take all reasonable steps to ensure that a Third Party cannot capture IdA data that confirms (or infers) the existence of relationship between any Participant. No relationships between parties or records should be established without the consent of the Service User.
7.5 Certification can be revoked if there is significant non-compliance with any Identity Assurance Principle.
8 Dispute Resolution Principle
Statement of Principle: “If I have a dispute, I can go to an  independent Third Party for a resolution.”
8.1 A Service User who, after a reasonable time, cannot, or is unable, to resolve a complaint or problem directly with an Identity Provider or Service Provider can call upon an independent Third Party to seek resolution of the issue. This could happen for example where there is a disagreement between the Service User and the Identity Provider about the accuracy of data.
8.2 The independent Third Party can resolve the same or similar complaints affecting a group of Service Users.
8.3 The independent Third Party can co-operate with other regulators in order to resolve problems and can raise relevant issues of importance concerning the Identity Assurance Service.
8.4 An adjudication/recommendation of the independent Third Party should be published. The independent Third Party must operate transparently, but detailed case histories should only be published subject to appropriate review and consent.
8.5 There can be more than one independent Third Party.
8.6 The independent Third Party can recommend changes to standards or certification procedures or that an Identity Provider or Service Provider should lose their certification.
9 Exceptional Circumstances Principle
Statement of Principle: “Any exception has to be approved by Parliament and is subject to independent scrutiny.”
9.1 Any exemption from the application of any of the above Principles to IdA data shall only be lawful if it is linked to a statutory framework that legitimises all Identity Assurance Services, or an Identity Assurance Service in the context of a specific service. In the absence of such a legal framework then alternative measures must be taken to ensure, transparency, scrutiny and accountability for any exceptions.
9.2 Any exemption from the application of any of the above Principles that relates to the processing of personal data must also be necessary and justifiable in terms of one of the criteria in Article 8(2) of the European Convention of Human Rights: namely in the interests of national security; public safety or the economic well-being of the country; for the prevention of disorder or crime; for the protection of health or morals, or for the protection of the rights and freedoms of others.
9.3 Any subsequent processing of personal data by any Third Party who has obtained such data in exceptional circumstances (as identified by Article 8(2) above) must be the minimum necessary to achieve that (or another) exceptional circumstance.
9.4 Any exceptional circumstance involving the processing of personal data must be subject to a Privacy Impact Assessment by all relevant “data controllers” (where “data controller” takes its meaning from the Data Protection Act).
9.5 Any exemption from the application of any of the above Principles in relation to IdA data shall remain subject to the Dispute Resolution Principle.”
Amendment 220, in schedule 1, page 141, leave out from line 21 to the end of line 36 on page 144.
This amendment would remove from the new Annex 1 of the UK GDPR provisions which would enable direct marketing for the purposes of democratic engagement. See also Amendment 218.
Government amendments 266 to 277.
Government amendments 208 to 211.
Amendment 15, in schedule 5, page 154, line 2, at end insert—
“(g) the views of the Information Commission on suitability of international transfer of data to the country or organisation.”
This amendment requires the Secretary of State to seek the views of the Information Commission on whether a country or organisation has met the data protection test for international data transfer.
Amendment 14, page 154, line 25, at end insert—
“5. In relation to special category data, the Information Commissioner must assess whether the data protection test is met for data transfer to a third country or international organisation.”
This amendment requires the Information Commission to assess suitability for international transfer of special category data to a third country or international organisation.
Amendment 13, page 154, line 30, leave out “ongoing” and insert “annual”.
This amendment mandates that a country’s suitability for international transfer of data is monitored on an annual basis.
Amendment 16, in schedule 6, page 162, line 36, at end insert—
“(g) the views of the Information Commission on suitability of international transfer of data to the country or organisation.”
This amendment requires the Secretary of State to seek the views of the Information Commission on whether a country or organisation has met the data protection test for international data transfer in relation to law enforcement processing.
Government amendment 212.
Amendment 231, in schedule 13, page 202, line 33, at end insert—
“(2A) A person may not be appointed under sub-paragraph (2) unless the Science, Innovation and Technology Committee of the House of Commons has endorsed the proposed appointment.”
This amendment would ensure that non-executive members of the Information Commission may not be appointed unless the Science, Innovation and Technology Committee has endorsed the Secretary of State’s proposed appointee.
Government amendments 213 to 216.

John Whittingdale: The current one-size-fits-all, top-down approach to data protection that we inherited from the European Union has led to public confusion, which has impeded the effective use of personal data to drive growth and competition, and to support key innovations. The Bill seizes on a post-Brexit opportunity to build on our existing foundations and create an innovative, flexible and risk-based data protection regime. This bespoke model will unlock the immense possibilities of data use to improve the lives of everyone in the UK, and help make the UK the most innovative society in the world through science and technology.
I want to make it absolutely clear that the Bill will continue to maintain the highest standards of data protection that the British people rightly expect, but it will also help those who use our data to make our lives healthier, safer and more prosperous. That is because we have convened industry leaders and experts to co-design the Bill at every step of the way. We have held numerous roundtables with both industry experts in the field and campaigning groups. The outcome, I believe, is that the legislation will ensure our regulation reflects the way real people live their lives and run their businesses.

Layla Moran: I am grateful to the Minister for giving way so early. Oxford West and Abingdon has a huge number of spin-offs and scientific businesses that have expressed concern that any material deviation on standards, particularly European Union data adequacy, would entangle them in more red tape, rather than remove it. He says he has spoken to industry leaders. Have he and his Department assessed the risk of any deviation? Is there any associated cost to businesses from any potential deviation? Who is going to bear that cost?

John Whittingdale: I share the hon. Lady’s appreciation of the importance of data adequacy with the European Union. It is not the case that we have to replicate every aspect of GDPR to be assessed as adequate by the European Union for the purposes of data exchange. Indeed, a number of other countries have data adequacy, even though they do not have precisely the same framework of data protection legislation.
In drawing up the measures in the Bill, we have been very clear that we do not wish to put data adequacy at risk, and we are confident that nothing in the Bill does so. That is not only my view; it is the view of the expert witnesses who gave evidence in Committee. It is also the view of the Information Commissioner, who has been closely involved in all the measures before us today. I recognise the concern, but I do not believe it has any grounds.

Layla Moran: The Minister says, “We do not wish”. Is that a guarantee from the Dispatch Box that there will be absolutely no deviation that causes a material difference for businesses on EU data adequacy? Can he give that guarantee?

John Whittingdale: I can guarantee that there is nothing in the Government’s proposals that we believe puts data adequacy at risk. That is not just our view; it is the view of all those we have consulted, including the Information Commissioner. He was previously the information commissioner in New Zealand, which has its own data protection laws but is, nevertheless, recognised as adequate by the EU. He is very familiar with the process required to achieve and keep data adequacy, and it is his view, as well as ours, that the Bill achieves that objective.
We believe the Government amendments will strengthen the fundamental elements of the Bill and reflect the Government’s commitment to unleashing the power of data across our economy and society. I have already thanked all the external stakeholders who have worked with us to ensure that the Bill functions at its best. Taken together, we believe these amendments will benefit the economy by £10.6 billion over the next 10 years. That is more than double the estimated impact of the Bill when it was introduced in the spring.

Dawn Butler: Will the Minister confirm that no services will rely on digital identity checks?

John Whittingdale: I will come on to that, because we have tabled a few amendments on digital verification and the accreditation of digital identity.
We are proposing a voluntary framework. We believe that using digital identity has many advantages, and those will become greater as the technology improves, but there is no compulsory or mandatory element to the use of digital identity. I understand why the hon. Lady raises that point, and I am happy to give her that assurance.

Jeremy Wright: Before my right hon. Friend moves on to the specifics of the Government amendments, may I ask him about something they do not yet cover? The Bill does not address the availability of data to researchers so that they can assist in the process of, for example, identifying patterns in online safety. He will know that there was considerable discussion of this during the passage of the Online Safety Act 2023, when a succession of Ministers said that we might return to the subject in this Bill. Will he update the House on how that is going? When might we expect to see amendments to deal with this important area?

John Whittingdale: It is true that we do not have Government amendments to that effect, but it is a central part of the Bill that we have already debated in Committee. Making data more available to researchers is, indeed, an objective of the Bill, and I share my right hon. and learned Friend’s view that it will produce great value. If he thinks more needs to be done in specific areas, I would be very happy to talk to him further or to respond in writing.
There are quite a number of technical amendments, as the hon. Member for Rhondda (Sir Chris Bryant) observed. I will start with the UK-US data access agreement, which permits telecommunications operators in the UK to share information about serious crimes with law enforcement agencies in the US, and vice versa.
Government new clause 6 makes it clear that the UK-US data access agreement, and other specified international treaties, can provide a basis for processing under several grounds in the UK GDPR. This agreement has been operational since October 2022, and disclosures made under it are not prevented by the current data protection legislation. However, the measures contained in the new clause will make it absolutely clear to telecoms operators in the UK that the data access agreement provides an appropriate legal basis for processing personal data, special category data and criminal offences data under the relevant provisions in the UK GDPR.
We have also tabled an amendment to ensure that, following the loss of the EU general principle of proportionality at the end of 2023 as a result of the Retained EU Law (Revocation and Reform) Act 2023, controllers continue to need only to carry out a reasonable and proportionate search for information when responding to a subject access request. While controllers should make the best possible efforts to locate all the information requested by a data subject, there are occasions when this might be unreasonable or disproportionate, such as when the information is of low importance or of low relevance to the data subject. In those circumstances, it is important to continue to allow controllers to limit the efforts they make when searching for information, and  this position reflects existing domestic case law. The amendment simply provides greater legal certainty for controllers.
Turning to the Information Commissioner’s Office codes of practice, we have listened to concerns about the perceived impact of the approval powers on the independence of regulators, so we are amending the Bill to remove the veto power on the contents of ICO statutory codes of practice. It was previously proposed that the power should be held by the Secretary of State. [Interruption.] I welcome the expression of enthusiasm for this amendment from the hon. Member for Rhondda.
This amendment balances regulatory independence with democratic accountability and reaffirms the Government’s commitment to the independence of our regulatory framework, and it is supported by the ICO. The amendment introduces a new process for the approval of ICO statutory codes of practice, and it provides that the Information Commissioner must consider recommendations from the Secretary of State about a code of practice prior to the code being laid before Parliament. Critically, the Information Commissioner will not be bound by the Secretary of State’s recommendations.
We are also introducing an amendment to clarify the ways in which the ICO can serve notices, and to remove the outdated requirement for the ICO to obtain consent before serving notices by email. This amendment will enable the ICO to enforce the UK’s data protection regime more effectively, particularly against overseas businesses, and it mirrors the arrangements that a number of other regulators already have.
Although most data controllers do the right thing and respond to subject access requests in a satisfactory way, some disputes end up in court, so we have tabled an amendment that will enable a court to require information from a controller to assess whether it should have been provided as part of the original response, while ensuring that the information is not disclosed to the claimant until it has been determined whether or not they are entitled to it.
The hon. Member for Brent Central (Dawn Butler) mentioned the digital identity verification schemes in part 2. The UK digital identity and attributes trust framework sets out baseline rules that organisations must follow to become a Government-approved digital verification service provider. However, in some cases where people may choose to use digital identity products, such as when applying for a mortgage or completing pre-employment checks, digital verification service providers may need to follow rules in addition to those within the trust framework in order to meet sector-specific requirements. Our amendment enables additional rules, which are described as “supplementary codes” in the Bill, to be approved by the Government, against conditions set out in the trust framework. Organisations will be able to prove that the digital verification services they offer are certified against supplementary codes, as well as the trust framework, by having a note included in the digital verification service register.
Let me turn to one or two examples, covering both the right-to-rent and right-to-work checks. It is essential that the employment and private rental sectors are provided with robust and secure processes to ensure that the identity checking parts of their onboarding processes are secure, efficient and effective. The Home Office will use the amended part 2 powers I have just  explained to make secondary legislation that means that when an employer or landlord is using the services of a digital verification service provider, they do so from the register of digital verification service providers established under part 2 of the Bill. That does not change the already established processes available to employers and landlords. In fact, 41 providers have already been certified to perform digital right-to-work and right-to-rent checks, in line with the existing version of the UK digital identity and attributes trust framework, to which I have referred. The amendments will provide confidence and security to employers and landlords that the service providers they are using are certified. Our ongoing engagement with the sector tells us that the use of digital identity service providers is a welcome development, as it represents a more cost-effective practice than manual checks of physical documents.
Providers of public electronic communications services, such as companies that provide a mobile phone contract, are currently required to report all personal data breaches to the Information Commissioner within 24 hours. Our amendment eases burdens on industry by giving more time for those data controllers to report data breaches; they will now have to be reported without undue delay and, where feasible, no later than 72 hours after the breach. This change will allow organisations to gather more detailed information about the breach before the reporting deadline and allow the ICO to focus its efforts on assessing that information once it has been achieved.
On disclosure for the purposes of archiving in the public interest, the Government recognise the importance of archives in permanently preserving Britain’s rich history for long-term social benefit. We also know that archivists currently have very little agency to dictate what lawful ground was used when obtaining personal data from a wide range of sources. We are therefore amending the Bill to ensure that a controller is able to reuse personal data for the purpose of archiving in the public interest, regardless of the lawful ground the personal data was originally collected on. That will be particularly helpful for archivists that are not public authorities and are therefore unable to use a public task lawful ground for their processing. We have worked closely with the National Archives in bringing forward our amendment.
I come to the issue of foreign convictions, particularly those relating to counter-terrorism policing. We intend to amend the Bill to ensure that counter-terrorism policing can continue to protect British citizens by retaining biometrics received from international partners in a more efficient way. Currently, the police can hold biometrics indefinitely for people who have a conviction for shoplifting in the UK but not for convicted terrorists abroad. Our amendment that will enable the indefinite retention of an individual’s fingerprints and DNA profile for national security purposes where that person has a foreign conviction that is equivalent to a conviction in England, Wales or Northern Ireland. Counter-terrorism policing can retain those biometrics without the need to apply for a national security determination. Our amendment brings the Counter-Terrorism Act 2008 into alignment with other legislation governing biometric retention.
We are making changes to the way that counter-terrorism policing can retain biometrics shared via Interpol. It will now be able to retain biometric data in national security-related cases for as long as the relevant Interpol  notice remains in force, rather than needing to submit a national security determination, which can present significant operational challenges for counter-terrorism policing. That will bring the UK into line with the rules under which all Interpol members retain and use those same biometrics. Our amendment was requested and is welcomed by counter-terrorism policing, the independent reviewer of terrorism legislation, the Office of the Biometrics Commissioner and the security services, and I thank them for their co-operation on this aspect of the Bill.

Chris Bryant: Broadly speaking, we support this measure. What negotiations and discussions has the Minister had about red notices under Interpol and the abuse of them, for instance by the Russian state? We have concerns about decent people being maltreated by the Russian state through the use of red notices. Are those concerns conflicted by the measure that the Government are introducing?

John Whittingdale: As the hon. Gentleman knows, I strongly share his view about the need to act against abuse of legal procedures by the Russian state. As he will appreciate, this aspect of the Bill emanated from the Home Office. However, I have no doubt that my colleagues in the Home Office will have heard the perfectly valid point he makes. I hope that they will be able to provide him with further information about it, and I will draw the matter to their attention.
I wish to say just a few more words about the biometric material received from our international partners, as a tool in protecting the public from harm. Sometimes, counter-terrorism police receive biometrics from international partners with identifiable information. Under current laws, they are not allowed to retain these biometrics unless they were taken in the past three years. That can make it harder for our counter-terrorism police to carry out their job effectively. That is why we are making changes to allow the police to take proactive steps to pseudonymise biometric data received from international partners—obviously, that means holding the material without including information that identifies the person—and hold indefinitely under existing provisions in the Counter-Terrorism Act information that identifies the person it relates to. Again, those changes have been requested by counter-terrorism police and will support them to better protect the British public.
The national underground asset register, or NUAR, is a digital map that will improve both the efficiency and safety of underground works, by providing secure access to privately and publicly owned location data about the pipes and cables beneath our feet. This will underpin the Government’s priority to get the economy growing by expediting projects such as new roads, new houses and broadband roll-out—the hon. Gentleman and I also share a considerable interest in that.
The NUAR will bring together valuable data from more than 700 public and private sector organisations about the location of underground utilities assets. This will deliver £490 million per year of economic growth, through increased efficiency, reduced asset strikes and reduced disruptions for citizens and businesses. Once operational, the running of the register will be funded by those who benefit most. The Government’s amendments include powers to, through regulations, levy charges on apparatus owners and request relevant information.  The introduction of reasonable charges payable by those who benefit from the service, rather than the taxpayer, will ensure that the NUAR is a sustainable service for the future. Other amendments will ensure that there is the ability to realise the full potential of this data for other high-value uses, while respecting the rights of asset owners.

Carol Monaghan: Is any consideration given to the fact that that information could be used by bad actors? If people are able to find out where particular cables or pipes are, they also have the ability to find weakness in the system, which could have implications for us all.

John Whittingdale: I understand the hon. Lady’s point. There would need to be a legitimate purpose for accessing such information and I am happy to supply her with further detail about precisely how that works.
The hon. Lady intervenes at an appropriate point, because I was about to say that the provision will allow the National Underground Asset Register service to operate in England and Wales. We intend to bring forward equivalent provisions as the Bill progresses in the other House, subject to the usual agreements, to allow the service to operate in Northern Ireland, but the Scottish Road Works Commissioner currently maintains its own register. It has helped us in the development of the NUAR, so the hon. Lady may like to talk to the Scottish Road Works Commissioner on that point.
I turn to the use of data for the purposes of democratic engagement, which is an issue of considerable interest to Members of the House. The Bill includes provisions to facilitate the responsible use of personal data by elected representatives, registered political parties and others for the purposes of “democratic engagement”. We have tabled further related amendments for consideration today, including adding a fuller definition of what constitutes “democratic engagement activities” to help the reader understand that term wherever it appears in the legislation.
The amendments provide for former MPs to continue to process personal data following a successful recall petition, to enable them to complete urgent casework or hand over casework to a successor, as they do following the Dissolution of Parliament. For consistency, related amendments are made to the definitions used in provisions relating to direct marketing for the purposes of democratic engagement.
Finally, hon. Members may be aware that the Data Protection Act 2018 currently permits registered political parties to process sensitive political opinions data without consent for the purposes of their political activities. The exemption does not however currently apply to elected representatives, candidates, recall petitioners and permitted participants in referendums. The amendment addresses that anomaly and allows those individuals to benefit from the same exemption as registered political parties.

Patrick Grady: Is the Minister prepared to look at how the proposals in the Bill and the amendments align with relevant legislation passed  in the Scottish Government? A number of framework Bills to govern the operation of potential future referendums on a variety of subjects have been passed, particularly the Referendums (Scotland) Act 2020. It is important that there is alignment with the definitions used in the Bill, such as that for “a permitted participant”. Will he commit to looking at that and, if necessary, make changes to the Bill at a later stage in its progress, in discussion with the Scottish Government?

John Whittingdale: I am happy to look at that, as the hon. Gentleman suggests. I hope the changes we are making to the Bill will provide greater legal certainty for MPs and others who undertake the processing of personal data for the purposes of democratic engagement.
The Bill starts and ends with reducing burdens on businesses and, above all, on small businesses, which account for over 99% of UK firms. In the future, organisations will need to keep records of their processing activities only when those activities are likely to result in a high risk to individuals. Some organisations have queried whether that means they will have to keep records in relation to all their activities if only some of their processing activities are high risk. That is not the Government’s intention. To maximise the benefits to business and other organisations, the amendments make it absolutely clear that organisations have to keep records only in relation to their high-risk processing activities.
The Online Safety Act 2023 took crucial steps to shield our children, and it is also important that we support grieving families who are seeking answers after tragic events where a child has taken their own life, by removing obstacles to accessing social media information that could be relevant to the coroner’s investigations.

Layla Moran: We welcome such measures, but is the Minister aware of the case of Breck Bednar, who was groomed and then murdered? His family is campaigning not just for new clause 35 but for measures that go further. In that case, the coroner would have wanted access to Breck’s online life but, as it currently stands, new clause 35 does not provide what the family needs without a change to widen the scope of the amendment to the Online Safety Act. Will the Minister look at that? I think it will just require a tweak in some of the wording.

John Whittingdale: I understand the concerns of the hon. Lady. We want to do all that we can to support the bereaved parents of children who have lost their lives. As it stands, the amendment will require Ofcom, following notification from a coroner, to issue information notices to specified providers of online services, requiring them to hold data they may have relating to a deceased child’s use of online services, in circumstances where the coroner suspects the child has taken their own life, which could later be required by a coroner as relevant to an inquest.
We will continue to work with bereaved families and Members of the other place who have raised concerns. During the passage of the Online Safety Act, my noble colleague Lord Parkinson of Whitley Bay made it clear that we are aware of the importance of data preservation to bereaved parents, coroners and others involved in investigations. It is very important that we get this right. I hear what the hon. Lady says and give her an assurance  that we will continue to work across Government, with the Ministry of Justice and others, in ensuring that we do so.
The hon. Member for Rhondda made reference to proposed new schedule 1, relating to improving our ability to identify and tackle fraud in the welfare system. I am grateful for the support of the Minister for Disabled People, Health and Work, my hon. Friend the Member for Corby (Tom Pursglove). In 2022-23, the Department for Work and Pensions overpaid £8.3 billion in fraud and error. A major area of loss is the under-declaration of financial assets, which we cannot currently tackle through existing powers. Given the need to address the scale of fraud and error in the welfare system, we need to modernise and strengthen the legal framework, to allow the Department for Work and Pensions to keep pace with change and stand up to future fraud challenges.
As I indicated earlier, the fraud plan, published in 2022, contains a provision outlining the DWP’s intention to bring forward new powers that would boost access to data held by third parties. The amendment will enable the DWP to access data held by third parties at scale where the information signals potential fraud or error. That will allow the DWP to detect fraud and error more proactively and protect taxpayers’ money from falling into the hands of fraudsters.

Stephen Timms: My reading of the proposed new schedule is that it gives the Department the power to look into the bank accounts of people claiming the state pension. Am I right about that?

John Whittingdale: The purpose of the proposed new schedule is narrowly focused. It will ensure that where benefit claimants may also have considerable financial assets, that is flagged with the DWP for further examination, but it does not allow people to go through the contents of people’s bank accounts. It is an alarm system where financial institutions that hold accounts of benefit claimants can match those against financial assets, so where it appears fraud might be taking place, they can refer that to the Department.

Chris Bryant: But it does include the state pension, doesn’t it?

John Whittingdale: I am surprised that the Opposition regard this as something to question. Obviously, they are entitled to seek further information, but I would hope that they share the wish to identify where fraud is taking place and take action against it. This is about claimants of benefits, including universal credit—

Chris Bryant: Pensions?

John Whittingdale: The state pension will not currently be an area of focus for the use of these powers.

Chris Bryant: The House of Commons Library makes it absolutely clear that the Bill, if taken forward in the way that the Government are proposing at the moment, does allow the Government to look at people in receipt of state pensions. That is the case, is it not?

John Whittingdale: I can tell the hon. Gentleman that it is not the case that the DWP intends to focus on the state pension—and that is confirmed by my hon. Friend the Member for Corby. This is specifically about ensuring that means-related benefit claimants are eligible for the benefits for which they are currently claiming. In doing that, the identification and the avoidance of fraud will save the taxpayer a considerable amount of money.

David Davis: I think everybody in the House understands the importance of getting this right. We all want to stop fraud in the state system. That being said, this is the only time that I am aware of where the state seeks the right to put people under surveillance without prior suspicion, and therefore such a power has to be restricted very carefully indeed. As we are not going to have time to debate this properly today, is my right hon. Friend open to having further discussion on this issue when the Bill goes to the Lords, so that we can seek further restrictions? I do not mean to undermine the effectiveness of the action; I just want to make it more targeted.

John Whittingdale: I am very grateful to my right hon. Friend for his contribution, and I share his principled concern that the powers of the state should be limited to those that are absolutely necessary. Those who are in receipt of benefits funded by the taxpayer have an obligation to meet the terms of those benefits, and this provision is one way of ensuring that they do so. My hon. Friend the Member for Corby has already said that he would be very happy to discuss this matter with my right hon. Friend further, and I am happy to do the same if that is helpful to him.

Stephen Timms: Can the Minister give us an example of the circumstances in which the Department would need to look into the bank accounts of people claiming state pensions in order to tackle the fraud problem? Why is the state pension within the scope of this amendment?

John Whittingdale: All I can say to the right hon. Gentleman is that the Government have made it clear that there is no intention to focus on claimants of the state pension. That is an undertaking that has been given. I am sure that Ministers from the DWP would be happy to give further evidence to the right hon. Gentleman, who may well wish to look at this further in his Committee.
Finally, I wish to touch on the framework around smart data, which is contained in part 3 of the Bill. The smart data powers will extend the Government’s ability to introduce smart data schemes, building on the success of open banking, which is the UK’s most developed data sharing scheme, with more than 7 million active users. The amendments will support the Government’s ability to meet their commitment, first, to provide open banking with a long-term regulatory framework, and, secondly, to establish an open data scheme for road fuel prices. It will also more generally strengthen the toolkit available to Government to deliver future smart data schemes.
The amendments ensure that the range of data and activities essential to smart data schemes are better captured and more accurately defined. That includes  types of financial data and payment activities that are integral to open banking. The amendments, as I say, are complicated and technical and therefore I will not go into further detail.

John Penrose: rose—

John Whittingdale: I will give way to my hon. Friend as I know that he has taken a particular interest, and is very knowledgeable, in this area.

John Penrose: The Minister is very kind. I just wanted to pick up on his last point about smart data. He is right to say that the provisions are incredibly important and potentially extremely valuable to the economy. Can he just clarify a couple of points? I want to be clear on Government new clause 27 about interface bodies. Does that apply to the kinds of new data standards that will be required under smart data? If it does, can he please clarify how he will make sure that we do not end up with multiple different standards for each sector of our economy? It is absolutely in everybody’s interests that the standards are interoperable and, to the greatest possible extent, common between sectors so that they can talk to each other?

John Whittingdale: I do have a note on interface bodies, which I am happy to include for the benefit of my hon. Friend. However, he will be aware that this is a technical and complicated area. If he wants to pursue a further discussion, I would of course be happy to oblige. I can tell him that the amendments will ensure that smart data schemes can replicate and build on the open banking model by allowing the Government to require interface bodies to be set up by members of the scheme. Interface bodies will play a similar role to that of the open banking implementation entity, developing common standards on arrangements for data sharing. Learning from the lessons and successes of the open banking regime, regulations will be able to specify the responsibilities and requirements for interface bodies and ensure appropriate accountability to regulators. I hope that that goes some way to addressing the point that he makes, but I would be happy to discuss it further with him in due course.
I believe these amendments will generally improve the functioning of the Bill and address some specific concerns that I have identified. On that basis, I commend them to the House.

Rosie Winterton: I call the shadow Minister.

Chris Bryant: As I am feeling generous, I shall start with the nice bits where we agree with the Government. First, we completely agree with the changes to the Information Commissioner’s Office, strengthening the ICO’s enforcement powers, restructuring the ICO and providing a clearer framework of objectives. As the Minister knows, we have always been keen to strengthen the independence of the ICO and we were concerned that the Government were taking new interventionist powers—that is quite a theme in this Bill—in clause 33,  so we welcome Government amendment 45, which achieves a much better balance between democratic oversight and ICO independence, so we thank the Minister for that.
Labour also welcomes part 2 of the Bill, as amended in Committee, establishing a digital verification framework. My concern, however, is that the Government have underestimated the sheer technicality of such an endeavour, hence the last-minute requirement for tens of Government amendments to this part of the Bill, which I note the Minister keeps on referring to as being very technical and therefore best to be debated in another place at another time with officials present. Under Government amendment 52, for example, different rules will be established for different digital verification services, and I am not quite sure whether that will stand the test of the House of Lords.
We warmly welcome and support part 3 of the Bill, which has just been referred to by the hon. Member for Weston-super-Mare (John Penrose) and the Minister, and its provisions on smart data. Indeed, we and many industry specialists have been urging the Government to go much faster in this particular area. The potential for introducing smart data schemes is vast, empowering consumers to make financial decisions that better suit them, enabling innovation and delivering better products and services. Most notably, that has already happened in relation to financial services. Many people will not know that that is what they are using when they use a software that is accessing several different bank accounts, but that is what they are doing.
In the autumn statement, the Government pledged to kickstart a smart data big bang. One area where smart data has been most effective is in open finance—it is right that we expand these provisions into new areas to have a greater social impact—but, to quote the Financial Conduct Authority, it should be implemented there
“in a proportionate phased manner, ideally driven by consideration of credible consumer propositions and use-cases.”
Furthermore, the FCA does not think that a big bang approach to open finance is feasible or desirable. Nevertheless, many of the Government amendments to the suite of smart data provisions are technical, and indicate a move in the right direction. In particular, we hope that, with smart data enabling greater access by consumers to information about green options and net zero, we will be able to help the whole of the UK to move towards net zero.
I want to say a few words on part 4, on cookies and nuisance calls. We share a lot of the Government’s intentions on tackling those issues and the births and deaths register. As a former registrar, I would like to see tombstoning—the process of fraudulently adopting for oneself the name of a child who has died—brought to an end. That practice is enabled partly because the deaths register does not actually register the death of an individual named on the births register, which I hope will at some point be possible.
Despite the Government’s having sat on the Bill for almost 18 months, with extensive consultations, drafts, amendments and carry-over motions, there are still big practical holes in these measures that need to be addressed. Labour supports the Government’s ambitions to tackle nuisance calls, which are a blight on people’s lives—we all know that. However, I fear that clause 89, which  establishes a duty to notify the ICO of unlawful direct marketing, will make little or no difference without the addition of Labour amendments 7 and 8, which would implement those obligations on electronic communications companies when the guidance from the ICO on their practical application has been clearly established. As the Bill stands, that is little more than wishful thinking.
Unfortunately, the story is the same on tackling cookies. We have a bunch of half-baked measures that simply do not deliver as the public will expect them to and the Government would like them to. We all support reducing cookie fatigue; I am sure that every hon. Member happily clicks “Accept all” whenever cookies comes up—[Interruption.] Well, some Members are much more assiduous than I am in that regard. But the wise Members of the House know perfectly well that the problem is that it undermines the whole purpose of cookies. We all support tackling it because clicking a new cookie banner every time we load a web page is a waste of everybody’s time and is deeply annoying.
However, the Government’s proposed regulation 6B gives the Secretary of State a blank cheque to make provisions as they see fit, without proper parliamentary scrutiny. That is why we are unhappy with it and have tabled amendment 6, which would remove those powers from the Bill as they are simply not ready to enter the statute book. Yet again I make the point that the Bill repeatedly and regularly gives new powers to the Secretary of State. Sure, they would be implemented by secondary legislation—but as we all know, secondary legislation is unamendable and therefore subject to much less scrutiny. These are areas in which the state is taking significant powers over the public and private individuals.
Let me deal with some of the Labour party’s amendments. First, I take subject access requests. The Government have repeatedly been in the wrong place on those, I am afraid, ever since the introduction of the first iteration of the DPDI Bill under Nadine Dorries, when they tried to charge people for access to their own data. Fortunately, that has now gone the way of Nadine Dorries. [Interruption.] I note that the Minister smiled at that point. We still have concerns about the Government’s plans to change the thresholds for refusing subject access requests from “manifestly unfounded or excessive” to “vexatious or excessive”. The Equality and Human Rights Commission, Reset, the TUC and Which? have all outlined their opposition to the change, which threatens to hollow out what the Government themselves admit is a “critical transparency mechanism”.
We have tabled two simple amendments. Amendment 2 would establish an obligation on any data controller refusing a subject access request to provide evidence of why a request has been considered vexatious or excessive. Organisations should not be allowed to just declare that a request is vexatious or excessive and so ascribe a motive to the data subject in order to refuse to provide their data, perhaps simply because of the inconvenience to the organisation.
The Government will try to tell me that safeguards are in place and that the data subject can make appropriate complaints to the organisation and the ICO if they believe that their request has been wrongly refused. But if we take the provisions set out in clause 9 to extend the time limits on subject access requests, add the advantage for companies of dither and delay when considering procedural complaints, and then add the additional  burden on a data subject of having to seek out the ICO and produce evidence and an explanation of their request as well as the alleged misapplication of the vexatious or excessive standard, we see that people could easily be waiting years and years before having the right to access their own data. I cannot believe that, in the end, that is in the interests of good government or that it is really what the Government want.
Despite public opposition to the measures, the Government are also now going further by introducing at this stage amendments that further water down subject access request protections. Government new clauses 7 and 9, which the Minister did not refer to—in fact, he only mentioned, I think, a bare tenth of the amendments he wants us to agree this afternoon—limit a data subject’s entitlement to their own data to the controller’s ability to conduct a “reasonable and proportionate” search. But what is reasonable and proportionate? Who determines what has been a reasonable and proportionate search? The new clauses drive a coach and horses through the rights of people to access their own data and to know who is doing what with their information. That is why Labour does not support the changes.
I come to one of the most important issues for us: high-risk processing, which, as the term suggests, is of most concern when it comes to the rights of individuals. I was pleased but perplexed to see that the Government tabled amendments to new clause 30 that added further clarity about the changed provisions to record keeping for the purposes of high-risk processing. I was pleased because it is right that safeguards should be in place when data processing is deemed to be of high risk, but I was perplexed because the Government do not define high-risk processing in the Bill—in fact, they have removed the existing standard for high-risk processing from existing GDPR, thereby leaving a legislative lacuna for the ICO to fill in. That should not be up to the ICO. I know that the ICO himself thinks that it should not be up to him, but a matter for primary legislation.
Our amendment 1 retains a statutory definition of high-risk processing as recommended by the ICO in his response to the Bill, published in May. He said:
“the detail in Article 35 (3) was a helpful and clear legislative backstop.”
That is why he supports what we are suggesting. Our amendment 4 would also clarify those individual rights even further, by again providing the necessary definition of what constitutes high risk, within the new provisions concerning the responsibilities of senior responsible individuals for data processing set out in clause 15.
I turn to automated decision making, which has the potential to deliver increasingly personalised and efficient services, to increase productivity, and to reduce administrative hurdles. While most of the world is making it harder to make decisions exclusively using ADM, clause 12 in the Bill extends the potential for automated decision making in the UK. Yet countless research projects have shown that automated decision making and machine decision making are not as impartial or blind as they sound. Algorithms can harbour and enhance inbuilt prejudices and injustices. Of course we cannot bury our heads in the sand and pretend that the technology will not be implemented or that we can legislate it out of use; we should be smart about ADM and try to unlock its potential while mitigating its potential dangers. Where people’s livelihoods are at risk  or where decisions are going to have a significant impact, it is essential that extra protections are in place allowing individuals to contest decisions and secure human review as a fundamental backstop.
Our amendment 5 strikes a better balance by extending the safeguarding provisions to include significant decisions that are based both partly and solely on automated processing; I am very hopeful that the Government will accept our amendment. That means greater safeguards for anybody subject to an automated decision-making process, however that decision is made. It cannot just be a matter of “the computer says no.”
I think the Minister is slightly surprised that we are concerned about democratic engagement, but I will explain. The Bill introduces several changes to electoral practices under the guise of what the Government call “democratic engagement”, most notably through clauses 86 and 87. The former means that any political party or elected representative could engage in direct marketing relying on a soft opt-in procedure, while clause 87 allows the Secretary of State to make any future exemptions and changes to direct marketing rules for the very unspecified purposes of “democratic engagement”.
The Ada Lovelace Institute and the Internet Advertising Bureau have raised concerns about that, and in Committee Labour asked the Minister what the Government had in mind. He rather gave the game away when he wrote to my hon. Friend the Member for Barnsley East (Stephanie Peacock), to whom I pay tribute for the way she took the Bill through the Committee:
“A future government may want to encourage democratic engagement in the run up to an election by temporarily ‘switching off’ some of the direct marketing rules.”
Switching off the rules ahead of an election—does anyone else smell a rat?
The Government ask us to trust them, but when they change the rules on voting, refuse automatic registration of voters and dramatically increase the amount that they can spend on a general election, all to benefit their own party interest, forgive me if I worry that they are trying to slip yet another change through just before an election that will enable the Tories to mine people’s information for votes. That is why I am doubly suspicious of clauses 86 and 87. The first seems to make legal a practice that I suspect several Conservative MPs are already engaged in: using data acquired as an MP for the wholly different purpose of seeking re-election as a candidate. The second is a major power grab by the Secretary of State, enabling them to change the direct marketing rules for elections with the bare minimum of scrutiny.
Clause 86 should be rewritten to remove the soft opt-in in provisions for political parties and elected representatives, and clause 87 should be scrapped. The changes were not supported by the majority of respondents to the Government’s initial consultation, who wanted the Privacy and Electronic Communications (EC Directive) Regulations 2003 rules to be upheld, and they will not be supported by Labour today. In addressing Government amendment 256, the Minister offered a supposed explanation of what “democratic engagement” means, but it was basically literally anything that anybody  could do in a political party or as an elected representative. I do not think that he clarified it; if anything, he just extended it.
I will refer briefly to amendment 45, tabled by the hon. Member for Aberconwy (Robin Millar), who was in his place a moment ago—[Interruption.] Ah, he has moved. Of course interoperability of data in the health service between all the different parts of the United Kingdom is devoutly to be wished for. In fact, it would be quite nice if GP surgeries were able to have full interoperability between one another. I was told the other day that we have 3.1 million residents in Wales, but something like 9 million patient records, which suggests that something is not quite right. There is a similar number, I think, for England, Wales and Northern Ireland, so of course we need to get to a place of greater interoperability.
I am nervous about the amendment, simply because the Welsh Government have not been consulted. I do not know about the Scottish Government or others. I do not want to stir the devolution pot in a way that is unhelpful, so we will abstain on the amendment. The hon. Member is looking pregnant with something; I do not know whether he intends to intervene.

Robin Millar: indicated dissent.

Chris Bryant: He does not—great.
Finally, new schedule 1 would grant the Secretary of State the power to require banks or other financial institutions to provide the bank account data—unspecified—of any recipient of benefits to identify
“cases which merit further consideration to establish whether relevant benefits are being paid or have been paid in accordance with the enactments and rules of law relating to those benefits.”
It is a very broad and, I would argue, poorly delineated power. My understanding from the Commons Library, although I note that the Minister was unable to answer the question properly, is that it includes the bank accounts of anyone in the UK in receipt, or having been in receipt, of state pension, universal credit, working tax credit, child tax credit, child benefit, pension credit, jobseeker’s allowance or personal independence payment.
The Minister says that the Government do not intend to go down some of those routes at the moment, but why, in that case, are they seeking that power? They could have come to us with a much more tightly written piece of legislation, and we would have been able to help them draft it properly. The proposed new schedule would mean that millions of bank accounts could be trawled without the Department for Work and Pensions, as the right hon. Member for Haltemprice and Howden (Mr Davis) referred to, even suspecting anything untoward before it asked for the information. The 19-page new schedule, which was tabled on the last day for consideration, would grant powers to the Government without our having any opportunity to scrutinise it line by line, assess its implications or hear evidence from expert witnesses.
We should of course be tackling fraud. The Government have completely lost control of fraud in recent years, with benefit fraud and error skyrocketing to £8.3 billion in the last financial year. The Minister seemed to think that it was a good thing that he could cite that figure. The year before, it was even higher—a record £8.7 billion. On the Conservative party’s watch, the percentage of benefit expenditure lost to fraud has more than trebled since Labour was last in power.
Let me be absolutely clear: Labour will pursue the fraudsters, the conmen and the claimants who try to take money from the public purse fraudulently or illegally. That includes those who have defrauded the taxpayer over personal protective equipment contracts, or have not declared their full income to His Majesty’s Revenue and Customs. My constituents in the Rhondda know that defrauding the taxpayer is one of the worst forms of theft. It is theft from all of us. It undermines confidence in the system that so many rely on. It angers people when they abide by the rules and they see others swinging the lead and getting away with it.
I back 100% any attempt to tackle fraud in the system, and we will work with the Government to get the legislation right, but this is not the way to do it, because it is not proper scrutiny. The Minister with responsibility for this matter, the Minister for Disabled People, Health and Work, who is present in the Chamber, is not even speaking in the debate. The Government are asking us to take a lot on trust, as we saw from the questions put earlier to the Minister for Data and Digital Infrastructure, so I have some more questions for him that I hope he will be able to answer.
As I understand it, the Government did a test project on this in 2017—all of six years ago—so what on earth have they been doing all this while? When was the new schedule first drafted, and why did the Minister not mention it in the discussions that he and I had two weeks ago? How many bank accounts does it potentially apply to? The Government already have powers to seek bank details where they suspect fraud, so precisely how will the new power be used? I have been told that the Government will not use the power until 2027. Is that right? If so, how on earth did they come to the figure of a £600 million saving—that was the figure that they gave yesterday, but I note that the Minister said £500 million earlier—in the first five years?
What will the cost be to the banks and financial institutions? What kind of information will the Government seek? Will it include details of where people have shopped, banked or travelled, or what they have spent their money on? The Government say that they will introduce a set of criteria specifying the power. When will that be introduced, how wide in scope will it be, what assessments will accompany it, and will it be subject to parliamentary scrutiny?
There is clearly significant potential to use data to identify fraud and error. That is something that Labour is determined to do, but it is vital that new measures are used fairly and proportionately. The Department for Work and Pensions says that its ability to test for unfair impacts across protected characteristics is limited, and the National Audit Office has also warned that machine learning risks bias towards certain vulnerable people or groups with protected characteristics. Without proper safeguards in place, the changes could have significant adverse effects on the most vulnerable people in society.
On behalf of the whole Labour party, I reiterate the offer that I made to the Government yesterday. We need to get this right. We will work with Ministers to get it right, and I very much hope that we can organise meetings after today, if the Bill passes, to ensure that the debates in the Lords are well informed and that we get to a much better understanding of what the Government  intend and how we can get this right. If we get it wrong, we will undermine trust in the whole data system and in Government.
Broadly speaking, Labour supports the changes in the Bill that give greater clarity and flexibility to researchers, tech platforms and public service providers, with common-sense changes to data protection where it is overly rigid, but the Government do not need to water down essential protections for data subjects to do that. Our amendments set out clearly where we diverge from the Government and how Labour would do things differently.
By maintaining subject access request protections, establishing a definition of high-risk processing on the face of the Bill, and defending the public from automated decision making that encroaches too significantly on people’s lives, a Bill with Labour’s amendments would unlock the new potential for data that improves public services, protects workers from data power imbalances and delivers cutting-edge scientific research, while also building trust for consumers and citizens. That is the data protection regime the UK needs and that is the protection a Labour Government would have delivered.

David Davis: Before I speak to my new clause, I want to address one or two of the things that the Opposition spokesman, the hon. Member for Rhondda (Sir Chris Bryant), just raised. By not accepting his motion to recommit the Bill to a Committee, we have in effect delegated large parts of the work on this important Bill to the House of Lords. I say directly to the Whip on the Treasury Bench that, when the Bill comes back to the Commons in ping-pong, I recommend that the Whips Office allows considerable time for us to debate the changes that the Lords makes. At the end of the day, this House is responsible to our constituents and these issues will have a direct impact on them, so we ought to have a strong say over what is done with respect to this Bill.
New clause 43 in my name is entitled “Right to use non-digital verification services”. Digitisation has had tremendous benefits for society. Administrative tasks that once took weeks or even years can now be done in seconds, thanks to technology, but that technology has come with considerable risks as well as problems of access. The internet is an equaliser in many ways; I can access websites and services in East Yorkshire in the same way that we do here. I can send and receive money, contact friends and family, organise families, do work, and do all sorts of other things that we could not once do.
However, the reality is more nuanced. Some people lack the technological literacy or simply the hardware to get online and make the most of what is out there—think of elderly people, the homeless and those living on the breadline. As with many things, those groups risk being left behind by the onward march of technology through no fault of their own. Indeed, some people do not want to go fully online. Many people who are perfectly au fait with the latest gadgets are none the less deeply concerned about the security of their data, and who can blame them?
My bank account has been accessed from Israel in the past. My online emails have been broken into during political battles of one sort or another. These things are risky. I hope nobody in the Chamber has forgotten the Edward Snowden revelations about the National Security  Agency and GCHQ, which revealed a vast network of covert surveillance and data gathering by Government agencies from ordinary online activity, and the sharing of private information without consent. More recently, we have heard how Government agencies monitored people’s social media posts during the pandemic, and data trading by private companies is an enormous and lucrative industry.
What is more, as time passes and the rise of artificial intelligence takes hold, the ability to make use of central databases is becoming formidable. It is beyond imagination, so people are properly cautious about what data they share and how they share it. For some people—this is where the issue is directly relevant to this Bill—that caution will mean avoiding the use of digital identity verification, and for others that digital verification is simply inaccessible. The Bill therefore creates two serious problems by its underlying assumptions.
Already it is becoming extremely difficult for people to live anything approaching a normal life if they are not fully wired into the online network. If they cannot even verify who they are without that access, what are they supposed to do? That is why I want to create a right to offline verification and, in effect, offline identification. We saw earlier this year what can happen when someone is excluded from basic services, with the planned closure of Nigel Farage’s bank account. That case was not related to identification, but it made clear how much of an impact such exclusion can have on someone’s life. Those who cannot or do not wish to verify their identity digitally could end up in the same position as Farage and many others who have seen their access to banking restricted for unfair reasons.
The rise of online banking, although a great convenience for many, must not mean certain others being left out. We are talking about fairly fundamental rights here. Those people who, by inclination or otherwise, find it preferable or easier to stick to old-fashioned ways must not be excluded from society. My amendment would require that all services requiring identity verification offer a non-digital alternative, ensuring that everyone, regardless of who they are, will have the same access.
That non-digital alternative could take a number of forms. It could simply mean working with the Post Office to allow people to verify their identity in person, or having people post in copies of their existing identity documents, passports, driving licences and the like. The specific route is not the most important thing; what matters is that people have a choice and are not coerced into providing the data through digital means, whether their reason is concern about their privacy or something else.
Some may worry about what that means for digital-only services such as some of the so-called challenger banks, but there is nothing to stop such services remaining online and simply outsourcing the non-digital alternative for verification to a trusted third party with physical capacity. It is only right that those banks, like everyone else, offer services to everyone, regardless of how they want to prove who they are. It may well be—in fact I think it is quite likely—that a series of organisations  such as solicitors, banks and other institutions go into the business of providing physical rather than online verification.
Some 20 years ago, in the face of opposition in this place and in the country at large, the Blair Government abandoned identity cards. The reason the cards were opposed was the central control of a single piece of data about individuals. It was not about the card, but about the central control of data. That problem still applies today and people should still worry about it.
This Bill marks another step into the rapidly advancing new world of technology. It is crucial that we get this right now. If we make presumptions in this Bill that lead to people having to depend on online identification, we will create problems down the road that we have not foreseen. I say to the Minister on the Front Bench that I will not press my new clause to a vote this time, but I hope the Government will look properly at creating that right during the Bill’s passage through the Lords. It seems to me a perfectly sensible and intelligent thing for the Government to undertake.
The last point I want to make relates to the issues that the Minister for Disabled People, Health and Work, my hon. Friend the Member for Corby (Tom Pursglove), raised. To be fair to him, he raised them with me before they came to the House, and I agree with him that something like what he is proposing is necessary, but it needs to be really severely constrained. There are already commercial methods for doing some of the things he wants to do that are less intrusive than what the Government have proposed. Again, I hope we can talk to him in the interim between the Bill clearing this House and its going to the Lords. I am sure that the Opposition have got the same aims here: to get an outcome that is fair to ordinary people but protects the taxpayer from the massive frauds that the Minister is trying to stop.

Patrick Grady: It is difficult to know where to start. The Minister described this as a Brexit opportunities Bill. Of course, Brexit was supposed to be about this place taking back control. It was to be the triumph of parliamentary sovereignty over faceless Brussels bureaucrats, the end of red tape and regulations, and the beginning of a glorious new era of freedom unencumbered by all those complicated European Union rules and requirements that did silly things like keeping people safe and protecting their human rights.
Yet here we are with 200 pages of new rules and regulations and a further 160 pages of amendments. This time last week, the amendment paper was 10 pages long; today it is 15 times that and there is barely any time for any kind of proper scrutiny. Is this what Brexit was for: to hand the Government yet more sweeping powers to regulate and legislate without any meaningful oversight in this place? To create additional burdens on businesses and public services, just for the sake of being different from the European Union? The answer to those questions is probably yes.
I will speak briefly to the SNP amendments, but I will also consider some of the most concerning Government propositions being shoehorned in at the last minute in the hope that no one will notice. How else are we supposed to treat Government new schedule 1? The Minister is trying to present it as benign, or even helpful, as if it had been the Government’s intention all along to grant the DWP powers to go snooping around  in people’s bank accounts, but if it has been so long in coming, as he said, why is it being added to the Bill only now? Why was it not in the original draft, or even brought to Committee, where there could at least have been detailed scrutiny or the opportunity to table further amendments?
Of course there should be action to tackle benefit fraud—we all agree on that—but the DWP already has powers, under section 109B of the Social Security Administration Act 1992, to issue a notice to banks to share bank account information provided that they have reasonable grounds to believe that an identified, particular person has committed, or intends to commit, a benefit offence. In other words, where there is suspicion of fraud, the DWP can undertake checks on a claimant’s account. Incidentally, there should also be action to tackle tax evasion and tax fraud. The Government evidently do not require from the Bill any new powers in that area, so we can only assume that they are satisfied that they have all the powers they need and that everything possible is being done to ensure that everybody pays the tax that they owe.
The powers in new schedule 1 go much further than the powers that the DWP already has. By their own admission, the Government will allow the DWP to carry out—proactively, regularly, at scale and on a speculative basis—checks on the bank accounts and finances of claimants. The new schedule provides little in the way of safeguards or reassurances for people who may be subject to such checks. The Secretary of State said that
“only a minimum amount of data will be accessed and only in instances which show a potential risk of fraud and error”.
In that case, why is the power needed at all, given that the Government already have the power to investigate where there is suspicion of fraud? And how can only “a minimum amount” of data be accessed when the Government say in the same breath that they want to be able to carry out those checks proactively and at scale.

Carol Monaghan: My hon. Friend probably shares my concern that we are moving into a new era in which the bank account details of people claiming with the DWP must be shared as a matter of course. That is the only reason I can see for such sweeping amendments, which will impact on so many people.

Patrick Grady: There is a huge risk. It is clear that the Government’s starting point is very often to avoid giving people the social security and welfare support that they might need to live a dignified life. We know that the approach in Scotland is incredibly different.
That is the thing: as with so much of this Bill, there is a good chance that minority groups or people with protected characteristics will find themselves most at risk of those checks and of coming under the proactive suspicion of the DWP. As we said when moving the committal motion, we have not had time to seek properly to interrogate that point. In his attempts to answer interventions, the Minister kind of demonstrated why scrutiny has been so inadequate. At the same time, the Government’s own Back Benchers, including the right hon. Member for Haltemprice and Howden (Mr Davis), the hon. Member for Yeovil (Mr Fysh) and others, are tabling quite thoughtful amendments—that is never a  great sign for a Government. The Government should not be afraid of the kinds of safeguards and protections that they are proposing.
The SNP amendments look to remove the most dangerous and damaging aspects of the Bill—or, at the very least, to amend them slightly. Our new clause 44 and amendment 229 would have the effect of transferring the powers of the Surveillance Camera Commissioner to the Investigatory Powers Commissioner. That should not be all that controversial. Professor William Webster, a director of the Centre for Research into Information, Surveillance and Privacy, has warned that the Bill, as it stands, does not provide adequate mechanisms for the governance and oversight of surveillance cameras. The amendment would ensure that oversight is retained, the use of CCTV continues to be regulated, and public confidence in such technologies is strengthened, not eroded. CCTV is becoming more pervasive in the modern world—not least with the rise of video doorbells and similar devices that people can use in their own personal circumstances—so it is concerning that the Government are seeking to weaken rather than strengthen protections in that area.
The SNP’s amendment 222 would leave out clause 8, and our amendment 223 would leave out clause 10, removing the Government’s attempts to crack down on subject access requests. The effect of those clauses might, in the Government’s mind, remove red tape from businesses and other data-controlling organisations, but it would do so at the cost of individuals’ access to their own personal data. That is typified by the creation of a new and worryingly vague criterion of “vexatious or excessive” as grounds to refuse a subject access request. Although that might make life easier for data controllers, it will ultimately place restrictions on data subjects’ ability to access what is, we must remember, their data. There have been attempts—not just throughout Committee stage, but even today from the Opposition—to clarify exactly the thresholds for “vexatious and excessive” requests. The Government have been unable to answer, so those clauses should not be allowed to stand.
Amendment 224 also seeks to leave out clause 12, expressing the concerns of many stakeholders about the expansion in scope of automated decision making, alongside an erosion of existing protections against automated decision making. The Ada Lovelace Institute states that:
“Against an already-poor landscape of redress and accountability in cases of AI harms, the Bill’s changes will further erode the safeguards provided by underlying regulation.”
There is already significant and public concern about AI and its increasingly pervasive impact.
Clause 12 fails to offer adequate protections against automated decision making. An individual may grant consent for the processing of their data—indeed, they might have no choice but to do so—but that does not mean that they will fully understand or appreciates how that data will be processed or, importantly, how decisions will be made. At the very least, the Government should accept our amendment 225, which would require the controller to inform the data subject when an automated decision has been taken in relation to the data subject. I suspect, however, that that is unlikely—just as it is unlikely that the Government will accept Labour amendments 2 and 5, which we are happy to support—so I hope the House will have a chance to express its view on clause 12 as a whole later on.
The SNP’s amendments 226, 227 and 228 would have the effect of removing clauses 26, 27 and 28 respectively. Those clauses give the Home Secretary significant new powers to authorise the police to access personal data, and a power to issue a “national security” certificate telling the police that they do not need to comply with many important data protection laws and rules that they would otherwise have to obey, which would essentially give police immunity should they use personal data in a way that would otherwise be illegal—and they would no longer need to respond to requests under the Freedom of Information Act 2000. We have heard no explanation from the Government for why they think that the police should be allowed to break the law and operate under a cover of darkness.
The Bill will also expand what counts as an “intelligence service” for the purposes of data protection law. Again, that would be at the Home Secretary’s discretion, with a power to issue a designation notice allowing law enforcement bodies to take advantage of the more relaxed rules in the Data Protection Act 2018—otherwise designed for the intelligence agencies—whenever they are collaborating with the security services. The Government might argue that that creates a simplified legal framework, but in reality it will hand massive amounts of people’s personal information to the police, including the private communications of people in the UK and information about their health histories, political beliefs, religious beliefs and private lives.
Neither the amended approach to national security certificates nor the new designation notice regime would be reviewable by the courts, and given that there is no duty to report to Parliament, Parliament might never find out how and when the powers have been used. If the Home Secretary said that the police needed to use those increased powers in relation to national security, his word would be final. That includes the power to handle sensitive data in ways that would otherwise, under current legislation, be criminal.
The Home Secretary is responsible for both approving and reviewing designation notices. Only a person who is directly affected by such a notice will be able to challenge it, yet the Home Secretary would have the power to keep the notice secret, meaning that those affected would not even know about it and could not possibly challenge it. Those are expansive broadenings not just of the powers of the secretary of state, but of the police and security services. The Government have not offered any meaningful reassurance about how those powers will be applied or what oversight will exist, which is why our amendments propose scrapping those clauses entirely.
There remain other concerns about many aspects of the Bill. The British Medical Association and the National AIDS Trust have both raised questions about patients’ and workers’ right to privacy. The BMA calls the Bill
“a departure from the existing high standards of data protection for health data”.
We welcome the amendments to that area, particularly amendment 11, tabled by the hon. Member for Jarrow (Kate Osborne), which we will be happy to support should it be selected for a vote.
I am afraid that I have to echo the concerns expressed by the Labour Front-Bench spokesman, the hon. Member for Rhondda (Sir Chris Bryant), about new clause 45, which was tabled by the hon. Member for Aberconwy  (Robin Millar). That clause perhaps has laudable aims, but it is the view of the Scottish National party that it is not for this place to legislate in that way, certainly not without consultation and ideally not without consent from the devolved authorities. We look forward to hearing the hon. Member for Aberconwy make his case, but I do not think we are in a position to support his new clause at this time.
The theme of an erosion of public confidence in data handling and the use of artificial intelligence comes through in many of the stakeholder responses to the Bill. That is precisely the opposite of what the Government say they set out to do. The claims of massive savings from reduced red tape also do not stand up to scrutiny: the Government’s own impact assessment says that companies will save just £82 a year on average as a result of the reforms that the Bill introduces.
We echo some of the official Opposition’s concerns about the Bill’s democratic engagement clauses. It is important for parties, candidates and elected Members to have clarity about their position in relation to the handling of personal data, but that should not be at the expense of the rights of voters to have their personal data duly protected. As I said to the Minister in an intervention, I hope he will look at the definition of “permitted participant” in clause 88(1) and schedule 1, taking account of legislation that has been passed by the Scottish Parliament, and expand it from having the same meaning as in the Political Parties, Elections and Referendums Act 2000 to include the definitions in the Referendums (Scotland) Act 2020.
On the whole, there is far too much in the Bill, and far too little time to interrogate it all properly. Removing some of the most pernicious clauses or making amendments here and there would fundamentally do little to reduce the many risks that the Bill presents to individuals’ rights to privacy and to have their data protected from prying eyes—in Government or elsewhere—and the costs and pressures on businesses and third-sector organisations trying to comply with the regime. The Government have tabled significant new powers at the last minute through new clauses and schedules that, by definition, cannot have had the scrutiny they deserve. As such, although in principle we can support sensible amendments from both sides of the House, we will oppose many of the Government’s new clauses and schedules, and—especially given that the House has decided not to recommit the Bill for further scrutiny—I expect we will also oppose it on Third Reading.

Marcus Fysh: It is a pleasure to follow the hon. Members who have spoken in this very important debate. I declare an interest: I am the chair of the all-party parliamentary group on digital identity, so I have a particular interest in the ramifications of data as it relates to identity, but also in wider concepts—some of which we have heard about today—such as artificial intelligence and how our data might be used in the future.
I share quite a lot of the concerns that we have heard from both sides of the House. There is an awful lot more work to be done on the detail of the Bill, thinking about its implications for individuals and businesses; how our systems work and how our public services interact with them; and how our security and police  forces interact with our data. I hope that noble Members of the other place will think very hard about those things, and I hope my right hon. Friend the Minister will meet me to discuss some of the detail of the Bill and any useful new clauses or amendments that the Government might introduce in the other place. I completely agree that we do not have much time today to go through all the detail, with a substantial number of new clauses having been added in just the past few days.
I will speak specifically to some of the amendments that stand in my name. Essentially, they are in two groupings: one group deals with the operations of the trust framework for the digital verification service, which I will come back to, and the other general area is the Henry VIII-style powers that the Bill gives to Ministers. Those powers fundamentally alter the balance that has been in place since I was elected as a Member of Parliament in terms of how individuals and their data relate to the state.
On artificial intelligence, we are at a moment in human evolution where the decisions that we make—that scientists, researchers and companies make about how they use data—are absolutely fundamental to the operation of so many areas of our lives. We need to be incredibly careful about what we do to regulate AI and think about how it operates. I am concerned that we have large tech companies whose business model for decades has been nothing other than to use people’s data to create products for their own benefit and that of their shareholders. During the passage of the Online Safety Act 2023, we debated very fully in this House what the implications of the algorithms they develop might be for our children’s health, for example.
I completely agree with the Government that we should be looking for ways to stamp out fraud, and should think about how harms of various kinds are addressed. However, we need to be mindful of the big risk that fears and beliefs that are not necessarily true about different potential harms might lead us to regulate, or to guide the operations of companies and others, in such a way that we create real problems. We are talking about very capable artificial intelligence systems, and also about artificial intelligence systems that claim to be very capable but are inherently flawed. The big tech companies are almost all championing and sponsoring large language models for artificial intelligence systems that are trained on data. Those companies will lobby Ministers all the time, saying, “We want you to enable us to get more and more of people’s data,” because that data is of business value to them.
Given the Henry VIII powers that exist in the Bill, there is a clear and present danger that future Ministers— I would not cast aspersions on the current, eminent occupant of the Front Bench, who is a Wykehamist to boot—may be tempted or persuaded in the wrong direction by the very powerful data-generated interests of those big tech firms. As such, my amendments 278 and 279 are designed to remove from the Bill what the Government are proposing: effectively, that Ministers will have the power to totally recategorise what kinds of data can legitimately be shared with third parties of one kind or another. As I mentioned, that fundamentally changes the balance between individuals and the state.
Through amendment 280 and new schedule 3, I propose that when Ministers implement the trust framework within the digital verification service, that framework  should be based on principles that have been accepted for the eight years since I was elected—in particular, those used by the Government in establishing the framework around its Verify online identity service for public services. That framework should be used in the context of the Bill to think about what decision-makers should be taking into account. It is a system of principles that has been through consultation and has been broadly accepted. It is something that the ICO accepts and champions, and it would be entirely right and not at all a divergence from our current system to put those principles in place.
What I would say about the legitimate interest recognition extension—the Henry VIII power—is that there are already indications in the Bill about what will be recategorised. It gives an idea of just how broad the categorisations could be, and therefore how potentially dangerous it will be if that process is not followed or is not correctly framed—for example, in relation to direct marketing. Direct marketing can mean all sorts of things, but it is essentially any type of direct advertising in any mode using personal data to target advertising, and I think it is really dangerous to take such a broad approach to it.
Before companies share data or use data, they should have to think about what the balance is between a legitimate interest and the data rights, privacy rights and all the other rights that people may have in relation to their data. We do not want to give them a loophole or a way out of having to think about that. I am very pro-innovation and pro-efficiency, but I do not believe it is inefficient for companies and users or holders of data to have to make those basic balancing judgments. It is no skin off their nose at all. This should be something we uphold because these interests are vital to our human condition. The last thing we want is an artificial intelligence model—a large language model—making decisions about us, serving us with things based on our personal data and even leaking that personal data.
I highlight that only yesterday or the day before, a new academic report was produced showing that some of the large language models were leaking personal data on which they had been trained, even though the companies say that that is impossible. The researchers had managed to get around the alignment guardrails that these AI companies said they had in place, so we cannot necessarily believe what the big tech companies say the behaviour of these things is going to be. At the end of the day, large language models, which are just about statistics and correlations, cannot tell us why they have done something or anything about the chain of causality behind such a situation, and they inherently get things wrong. Anyone making claims that they are reliable or can be relied on to handle personal data is, I think, completely wrong. I hope that noble Lords and Ladies will think carefully about that matter and re-table amendments similar to mine.
New clause 27 and the following new clauses that the Government have tabled on interface bodies show the extent to which these new systems—and decisions about new systems—and how they interface with different public services and other bodies are totally extensible within the framework of the Bill, without further regard to minorities or to law, except in so far as there may be a case for judicial review by an individual or a company. That really is the only safeguard that there will be under  these Henry VIII clauses. The interface body provisions talk about authorised parties being able to share data. We have heard how the cookie system is very bad at the moment at effectively reflecting what individuals’ true preferences might or might not be about their personal data. It is worth highlighting the thoughtful comments we heard earlier about ways in which people can make more of a real-time decision about particular issues that may be relevant to them, but about which they may not have thought at all when they authorised such a decision in a dark or non-thinking moment, often some time before.
I want to say a little more about the operations of the digital verification services system. My amendments 242 to 250 deal with the way in which those operations occur. We should think about whether it is correct that the Minister should in effect just be able to make up whatever the fee system might be. I think that is a problem, and it is something that members of the industries engaged in digital ID, for example, have raised with me. There are some issues about how people or companies may be deregistered from the verification system and the trust mark that will supposedly be put in place by this new Government registration process. That could actually be very serious for an individual, and if they are suddenly said not to be trusted, it could be of massive import to them. There should be some process for thinking about and consulting on how such deregistration decisions are made, what avenues for challenge there may be and so on. I hope those in the other place will think very hard about those things, too.
I know that Ministers have thought about DVS as a voluntary system, rather than something absolutely required in law for everybody handling data. However, we all know that systems that are set up to establish trust become very difficult for someone who wants to run a business or to do things, because if they do not have the trust mark, that will become a real issue. It is also a very simple step from such a system to having a fully regulated body. Even if it is not ostensibly a fully regulated body in law, there would be a chilling effect for those who do not have the trust mark, so I think that is really important to think about properly.
The final amendment of mine that I want to speak to is amendment 281 on zero-knowledge proofs. Many people in the country will not know what they are, and I know about them only because I have been engaged in thinking about digital systems, digital assets, blockchains and all the technical aspects of that for some time. In essence, they are a way that digital systems can share data status—in other words, knowing what someone’s data status is—with each other, third parties and so on, without any risk that that data would be transmitted or seen by anybody else. It is of particular use in relation to privacy and the rights to privacy that we have talked about before.
As currently drafted, the Bill does not differentiate the processing of data in a way that does not expose the data or the status of the data relative to the holders of data from processes that do so. It would be highly valuable if such decentralised systems—zero-knowledge systems—of proof of particular data status were specifically  excluded from the legislation, so that it is very clear that they will not fall under potential regulation or the potential chilling effect. The side benefit is that we would also avoid the inevitable centralisation that would otherwise occur of particular big data holders or big data operators that can afford to be registered and do all such things.
I finish by urging the Government to think hard about this stuff. It might seem troublesome, and they might want to forge ahead and do innovative things and all the rest of it, but this is such a serious moment in our history as a species. The way that data is handled is now fundamental to basic human rights and, I would increasingly argue, to the human condition. People such as the likes of Sam Altman and so on in the US are openly talking about AI integration with humans and the acceleration of AI. A big debate is going on between those who want to accelerate things and those who want to decelerate them. It will be accelerated, because we cannot stop researchers and scientists doing things, but if we put the wrong frameworks in place, and allow the wrong data to be shareable in the wrong way, that could have huge consequences for us.
I say to those in the other place as well as to those on the Front Benches that we have not been able to go through this in detail, but we should think about it incredibly hard. It might seem an esoteric and arcane matter, but it is not. People might not currently be interested in the ins and out of how AI and data work, but in future you can bet your bottom dollar that AI and data will be interested in them. I urge the Government to work with us to get this right.

Rosie Winterton: I have now to announce the result of today’s deferred Division on the Draft Strikes (Minimum Service Levels: NHS Ambulance Services and the NHS Patient Transport Service) Regulations 2023. The Ayes were 297 and the Noes were 166, so the Ayes have it.
[The Division list is published at the end of today’s debates.]

Stephen Timms: I rise to speak specifically to Government new clause 34 and connected Government amendments which, as we have been reminded, give Ministers power to inspect the bank accounts of anyone claiming a social security benefit. I think it has been confirmed that that includes child benefit and the state pension, as well as universal credit and all the others. Extremely wide powers are being given to Ministers.
The Minister told us that the measure is expected to save some half a billion pounds over the next five years. I was pleased that the Minister for Disabled People, Health and Work was present at the start of the debate, although he is not now in his place and the Department for Work and Pensions is not hearing the concerns expressed about this measure. The Minister for Data and Digital Infrastructure told us that the Minister for Disabled People, Health and Work will not be not speaking in the debate, so we will not hear what the DWP thinks about these concerns.
We have also been told—I had not seen this assurance—that these powers will not be used for a few years. If that is correct, I am completely mystified by why this is being done in such a way. If we had a few years to get these powers in place, why did the Government not wait  until there was some appropriate draft legislation that could be properly scrutinised, rather than bringing such measures forward now with zero Commons scrutiny and no opportunity for that to occur? There will no doubt be scrutiny in the other place, but surely a measure of this kind ought to undergo scrutiny in this House.
I chair the Work and Pensions Committee and we have received substantial concerns about this measure, including from Citizens Advice. The Child Poverty Action Group said that
“it shouldn’t be that people have fewer rights, including to privacy, than everyone else in the UK simply because they are on benefits.”
I think that sums up what a lot of people feel, although it appears to be the position that the Government are now taking. It is surprising that the Conservative party is bringing forward such a major expansion of state powers to pry into the affairs of private citizens, and particularly doing so in such a way that we are not able to scrutinise what it is planning. As we have been reminded, the state has long had powers where there were grounds for suspecting that benefit fraud had been committed. The proposal in the Bill is for surveillance where there is absolutely no suspicion at all, which is a substantial expansion of the state’s powers to intrude.
Annabel Denham, deputy comment editor at The Daily Telegraph warned in The Spectator of such a measure handing
“authorities the power to snoop on people’s bank accounts.”
I suspect that the views expressed there are more likely to find support on the Conservative Benches than on the Labour Benches, so I am increasingly puzzled by why the Government think this is an appropriate way to act. I wonder whether the fact that there have been such warnings prompted Ministers into rushing through the measure in this deeply unsatisfactory way, without an opportunity for proper scrutiny, because they thought that if there had been parliamentary scrutiny there would be substantial opposition from the Conservative Benches as well as from the Labour Benches. It is difficult to understand otherwise why it is being done in this way.
As we have been reminded, new clause 34 will give the Government the right to inspect the bank account of anyone who claims a state pension, which is all of us. It will give the Government the right to look into the bank account of every single one of us at some point during our lives, without suspecting that we have ever done anything wrong, and without telling us that they are doing it. The Minister said earlier that the powers of the state should be limited to those absolutely necessary, and I have always understood that to be a principle of the Conservative party. Yet on the power in the new clause to look into the bank account of everybody claiming a state pension, he was unable to give us any reason why the Government should do such a thing, or why they would ever need to look into the bank accounts of people—everybody—claiming a state pension. What on earth would the Government need to do that for? The entitlement to the state pension is not based on income, savings or anything like that, so why would the Government ever wish to do that?
If we cannot think of a reason why the Government would want to do that, why are they now taking the power to enable them to do so? I think that all of us would agree, whatever party we are in, that the powers of the state should be limited to those absolutely necessary.  The power in the new clause is definitely not absolutely necessary. Indeed, no one has been able to come up with any reason for why it would ever be used.

Karl Turner: There is something called a production order. If somebody was under investigation for benefit fraud, an application could be made before a court for the production of bank accounts. If it was a matter of suspected fraud, there is already a mechanism available.

Stephen Timms: Yes, there is a clear and long-established right in law for the DWP to look into people’s bank accounts if there is a suspicion of fraud. This power is giving the Department the ability to look into the bank accounts of people where there is no suspicion at all. All of us at some point in our lives claim a social security benefit, and we are giving the Government the power to look into our bank accounts with this measure.
The Minister rightly mentioned that the idea first appeared in a DWP paper in May last year. That spoke of the need to balance this power against people’s right to privacy and to ensure that the new power was appropriate, was no more than necessary and had the right checks in place. Those proposals, having been mooted in May of last year, should have been published. We should have been able to see what exactly the proposals were. There should then have been an opportunity for discussion. They should have been consulted on, and there was plenty of time between last May and now to do all that.
Instead, the first we saw of this measure was last week, and there has been no consultation at all since that initial mooting of the idea in May last year. If the Minister can give any explanation for why that dreadful course of behaviour and procedure has been followed, we would all be interested. It seems to me incapable of being defended.
The amendment gives the Government extremely broad powers, with no checks in place, and it has been done in a way that minimises parliamentary scrutiny of what is proposed. I find it very hard to see how that can possibly be defended. No doubt the Minister will tell us that at some point there will be some document setting out checks and balances and so on, but that needs to be part of this scrutiny. It should not be that the Government take it all away to come back in a few months’ time to tell us how they will constrain the use of this power.
Finally, it occurs to me that the power being introduced could be used to establish benefit eligibility for people who do not currently claim benefits. We know, for example, that a large number of people do not claim pension credit, but are eligible for it. A lot of the information about whether they are entitled to pension credit is already held in the public sector, and in local councils in particular. If it were possible to check whether people had less than the threshold savings level, that could help in establishing eligibility for pension credit automatically. Can the Minister tell us whether that is intended with this proposal?

Jane Hunt: I rise to speak to new clause 1 in my name and that of other colleagues. Earlier this year, I met with members of Leicestershire  Police Federation, who raised concerns about elements of the Data Protection Act 2018 that were imposing unnecessary and burdensome redaction obligations on police forces. I thank the national Police Federation for its tireless campaigning on this issue, particularly Ben Hudson of Suffolk police, and I thank my hon. Friend the Member for Waveney (Peter Aldous) for all he has done in this area. I thank them for much of the information I will share today.
As I explained in Committee, part 3 of the 2018 Act implemented the law enforcement directive and made provision for data processing by competent authorities, including police forces and the Crown Prosecution Service, for law enforcement purposes. Paragraph (4) of the enforcement directive emphasised that the
“free flow of personal data between competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences…should be facilitated while ensuring a high level of protection of personal data.”
However, part 3 of the 2018 Act contains no provision at all to facilitate the free flow of personal data between the police and the CPS. Instead, it imposes burdensome obligations on the police, requiring them to redact personal data from information transferred to the CPS. Those obligations are only delaying and obstructing the expeditious progress of the criminal justice system and were not even mandated by the law enforcement directive.
The problem has arisen due to chapter 2 of part 3 of the 2018 Act, which sets out six data protection principles that apply to data processing by competent authorities for law enforcement purposes. Section 35(1) states:
“The first data protection principle is that the processing of personal data for any of the law enforcement purposes must be lawful and fair.”
Section 35(2) states:
“The processing of personal data for any of the law enforcement purposes is lawful only if and to the extent that it is based on law and either—
(a) the data subject has given consent to the processing for that purpose, or
(b) the processing is necessary for the performance of a task carried out for that purpose by a competent authority.
The Police Federation has said that it is unlikely that section 35(2)(a) will apply in this context. It has also said that in the case of 35(2)(b), the test of whether the processing is “necessary” is exacting, requiring a competent authority to apply its mind to the proportionality of processing specific items of personal data for the particular law enforcement purpose in question.
Under sections 35(3) to 35(5), where the processing is “sensitive processing”, an even more rigorous test applies, requiring among other things that the processing is
“strictly necessary for the law enforcement purpose”
in question. Section 37 states:
“The third data protection principle is that personal data processed for any of the law enforcement purposes must be adequate, relevant and not excessive in relation to the purpose for which it is processed.”
For the purposes of the 2018 Act, the Crown Prosecution Service and each police force are separate competent authorities and separate data controllers. Therefore, as set out in section 34(3), the CPS and each police force must comply with the data protection principles. A transfer of information by a police force to the CPS amounts to the processing of personal data.
The tests of “necessary” and “strictly necessary” under the first and third data protection principles require a competent authority to identify and consider each and every item of personal data contained within the information that it is intended to process and to consider whether it is necessary for that item of personal data to be processed in the manner intended. The impact of this is that when preparing a case file for a charging decision from the CPS, the police must spend huge amounts of time and resources analysing information that has been gathered by investigating officers in order to identify every item of personal data. They then have to decide whether it is necessary or, in many cases strictly necessary, for the CPS to consider each item of personal data when making its charging decision, and to redact every item of personal data that does not meet that test.
The National Police Chiefs’ Council and the CPS have produced detailed guidance on this redaction process. It emphasises that the 2018 Act is a legal requirement and that the police and the CPS do not have any special relationship that negates the need to redact and protect personal information. The combination of the requirements of the guidance and of the Act represent a huge amount of administrative work for police officers, resulting in hours of preparing appropriate redactions. Furthermore, such work is inevitably carried out by relatively junior officers who have no particular expertise in data protection, and much of it may never be used by the CPS if the matter is not charged or if the defendant pleads guilty before trial. Nationally, about 25% of cases that are submitted to the CPS are not charged. A significant proportion of that time and money could be saved if the redaction of personal data by the police occurred after, rather than before, a charging decision has been made by the CPS.
The burden that this is placing on police forces was highlighted in the 2022 “Annual Review of Disclosure” by the Attorney General’s Office, which heard evidence from police that
“redaction of material for disclosure is placing a significant pressure on resources”.
It also found that one police force had invested £1 million in a disclosure specialist team solely to deal with redaction. In its report on policing priorities, the Home Affairs Committee stated:
“The National Police Chiefs’ Council and the College of Policing said this ‘labour-intensive’ process ‘ties up police resources for a protected period of time’, meaning investigations take longer, and possibly adds to the likelihood of victims withdrawing their support for a case. The College noted that the problem has become worse as digital devices such as phones and laptops have developed ever greater storage capacity, meaning there is more data for the police to process and redact. Disparities in digital capabilities across the 43 local forces also exacerbate the problem.”
The report went on to say:
“Lengthy and inefficient redaction processes and protracted investigations are neither effective nor fair on either victims or suspects. The handling of case files needs to comply with data protection laws. However, ensuring that the requirements are proportionate and that forces have the digital capacity to meet such requirements efficiently is an urgent issue that needs addressing. More needs to be done to pilot solutions and get the balance right.”
Furthermore, the Police Federation and the National Police Chiefs’ Council estimate that the cost nationally of the redaction exercise is over £5.6 million per annum.  There is no disputing that there is a clear issue here, and I welcome that this has been acknowledged by Ministers I have been engaging with, including the Minister for Crime, Policing and Fire, my right hon. Friend the Member for Croydon South (Chris Philp); the former Home Secretary, my right hon. and learned Friend the Member for Fareham (Suella Braverman); and the Minister for Data and Digital Infrastructure, the right hon. Member for Maldon (Sir John Whittingdale). Only last week, the latter emphasised to me the Government’s support for reform.
Indeed, the autumn statement last week highlighted the Government’s commitment to boosting public sector productivity by running an ambitious public sector productivity programme with all Departments to reimagine the way public services are delivered. The focus of that will be on
“reducing the amount of time our key frontline workers, including police, doctors, and nurses, spend on administrative tasks”.
That is to ensure that they can spend more time delivering for the public. Arguably, the current process of data redaction is the biggest unnecessary administrative task keeping police officers away from the frontline, so reform needs to be implemented urgently.
My new clause lays out a blueprint for that reform and would insert a proposed new section into the 2018 Act to exempt the police service and the CPS from complying with the first data protection principle—except in so far as that principle requires processing to be fair—or with the third data protection principle when preparing a case file for submission to the CPS for a charging decision, thereby facilitating the free flow of personal data between the police and the CPS. If the CPS decided to charge, the case file would be returned to the police to carry out the redaction exercise before there was any risk of the file being disclosed to any person or body other than the CPS. In the 25% of cases in which the CPS decides not to charge, the unredacted file would simply be deleted by the CPS.
My new clause would have no obvious disadvantages, as the security of the personal data would not be compromised and the necessary redactions would still be undertaken once a charging decision had been made. Furthermore, providing material unredacted to the CPS pre-charge would not impact the timeliness of the process in any way, as the police would still be providing the same material to the CPS as they would have done previously, just unredacted.
I know from my conversations with Ministers that there are a few questions from a number of sources about whether legislative change is the best way to tackle the issues surrounding redaction. To that, the Police Federation has said that
“the hope is that the CPS will set out, within their charging advice, what material they intend to rely upon and, therefore, only the required material will have to be redacted by the police. This would be done in line with the maximum time of service set out within the ‘Better case management handbook Jan 23’, which states that service is required no less than five days before the hearing. So we must accept that there may be a slight delay in the CPS being able to serve their case on the defence at the point of charge. But the time in which it will take police forces to apply for a charging decision to the CPS will be far quicker without the need for redact. Thus, stopping defendants being on bail or under ‘released under investigation’ status for as long as they currently are and victims of crime waiting less time for charging decisions.”
In addition, the Police Federation has highlighted that while auto-redaction software will help to mitigate the current issues, it will not recover all policing capacity in respect of redaction. Officers will still need to review the item to consider what auto-redaction parameters need applying, otherwise police could risk ending up with mass over-redaction, and having to check to ensure nothing has been missed. The real benefit for auto-redaction software will come post-charge, especially if the CPS states exactly what material it intends to use or disclose.
I also appreciate that the Government feel they cannot support my amendment because of three technical legal points, and I would like to summarise the Police Federation’s response to this, based on advice from its leading counsel who are experienced in the field of data protection and privacy.
The Government’s first objection is that there are provisions in the 2018 Act, other than the first and third data protection principles, that
“in effect require the material concerned to be reviewed and redacted”.
The two examples given by the Home Office were the sixth data protection principle and section 44. The sixth data protection principle—data security—does not require case files to be redacted. The same standard of
“appropriate technical or organisational measures”
is required whether case files are redacted before  or after the CPS has made a charging decision. The Police Federation’s leading counsel has pointed out that section 44(4) of the Act already contains potentially relevant restrictions on a data subject’s rights. Those restrictions during an investigation would be consistent with an amendment providing for the police to redact any given case file only after the CPS has decided to charge.
On the Home Office’s second objection, that a broader amendment
“may be problematic for the ICO and international stakeholders”,
the legal experts have highlighted that the proposed new clause seeks only to determine the respective responsibilities of the police and the CPS in the processing involved in preparing and submitting a case file to the CPS for a charging decision. It would not remove any substantive protection or the obligation to review and redact the personal data in case file material. It simply provides for such review and redaction by the police after—rather than before—a charging decision has been made. The law enforcement directive, on which the relevant part of the 2018 Act was based, would have permitted that when the Act was passed, and I am told there is no legal reason why it cannot be introduced now.
On the Home Office’s third objection, that other privacy laws might require the police to review and redact case files even if the 2018 Act were amended in the manner suggested by the Police Federation, the legal experts have pointed out that data protection legislation does not generally seek to regulate other privacy-protecting laws. The impact of the Act on journalism is a good example, as the journalism exemption in part 5 of schedule 2 does not seek to regulate the common-law tort of misuse of private information. Data protection legislation should be appropriately calibrated in a particular area even if other legal rules may also have a role in that area. At present, the data  protection obligations give rise to the problem. The legal experts believe that it is mere speculation whether other legal rules might give rise to a similar problem if those obligations were amended.
It is crucial that we do everything possible to ease the administrative burden on police officers, to free up thousands of policing hours and get police back on to the frontline, supporting communities and tackling crime. My new clause would go a long way to achieving that, by facilitating the free flow of personal data between the police and the CPS, which would speed up the criminal justice process and reduce the burden on the taxpayer—a stated aim of the Government. How disheartening it must be for a police officer to take time and patience redacting data only to find that the case does not go forward, as occurs in 25% of cases. Common sense must prevail.

Kate Osborne: I rise to speak to the six amendments that I have tabled to the Bill. I am grateful to Mr Speaker for selecting amendment 11, which I will press to a vote. It is an extremely important amendment that I hope will unite Members across the House, and I thank the hon. Member for Glasgow North (Patrick Grady) for confirming his party’s support for it.

Chris Bryant: I add mine and that of the Labour party, too.

Kate Osborne: I thank my hon. Friend for that.
I have been contacted by many people and organisations about issues with the Bill. The British Medical Association and the National AIDS Trust have serious concerns, which I share, about the sharing of healthcare data and the failure to consider the negative impact of losing public trust in how the healthcare system manages data.
The Bill is an opportunity to adapt the UK’s data laws to strengthen accountability and data processing, but it currently fails to do so. It provides multiple Henry VIII powers that will enable future Secretaries of State to avoid parliamentary scrutiny and write their own rules. It undermines the independence of the Information Commissioner’s Office in a way that provides less protection to individuals and gives more power to the Government to restrict and interfere with the role of the commissioner.
The Government’s last-minute amendments to their own Bill, to change the rules on direct marketing in elections and give themselves extensive access to the bank accounts of benefit claimants, risk alienating people even further. I hope the House tells Ministers that it is entirely improper—in fact, it is completely unacceptable—for the Government to make those amendments, which require full parliamentary scrutiny, at this late stage.
We know people already do not trust the Government with NHS health data. The Bill must not erode public trust even more. We have seen concerns about data with GP surgeries and the recent decision to award Palantir the contract for the NHS’s federated data platform. A 2019 YouGov survey showed that only 30% of people trust the Government to use data about them ethically. I imagine that figure is much lower now. How do the Government plan to establish trust with the millions of people on pension credit, state pension, universal credit, child benefit and others whose bank accounts—millions of bank accounts—they will be able to access under  the Bill? As my hon. Friend the Member for Rhondda  (Sir Chris Bryant) and others have asked, legislative powers already exist where benefit fraud is suspected, so why is the amendment necessary?
My amendment 11 seeks to ensure that special category data, such as that relating to a person’s health, is adequately protected in workplace settings. As the Bill is currently worded, it could allow employers to share an employee’s personal data within their organisation without a justifiable reason. The health data of all workers will be at risk if the amendment falls. We must ensure that employees’ personal data, including health data, is adequately protected in workplace settings and not shared with individuals who do not need to process it.
The National AIDS Trust is concerned that the Bill’s current wording could mean that people’s HIV status can be shared without their consent in the workplace, using the justification that it is “necessary for administrative purposes”. That could put people living with HIV at risk of harassment and discrimination in the workplace. The sharing of individuals’ HIV status can lead to people living with HIV experiencing further discrimination and increase their risk of harassment or even violence.
I am concerned about the removal of checks on the police processing of an individual’s personal data. We must have such checks. The House has heard of previous incidents involving people living with HIV whose HIV status was shared without their consent by police officers, both internally within their police station and in the wider communities they serve. Ensuring that police officers must justify why they have accessed an individual’s personal data is vital for evidence in cases of police misconduct, including where a person’s HIV status is shared inappropriately by the police or when not relevant to an investigation into criminal activity.
The Bill is not robust enough on the transfer of data internationally. We need to ensure that there is a mandated annual review of the data protection test for each country so that the data protection regime is secure, and that people’s personal data, such as their LGBTQ+ identity or HIV status, will not be shared inappropriately. LGBTQ+ identities are criminalised in many countries, and the transfer of personal data to those countries could put an individual, their partner or their family members at real risk of harm.
I have tabled six amendments, which would clarify what an “administrative purpose” is when organisations process employees’ personal data; retain the duty on police forces to justify why they have accessed an individual’s personal data; ensure that third countries’ data protection tests are reviewed annually; and ensure that the Secretary of State seeks the views of the Information Commissioner when assessing other countries’ suitability for the international transfer of data. I urge all Members to vote for amendment 11, and I urge the Government and the other place to take on board all the points raised in today’s debate and in amendments 12 to 16 in my name.

John Penrose: I rise to speak to new clause 2, which, given its low number, everyone will realise I tabled pretty early in the Bill’s passage. It addresses the smart data clauses that sit as a block in the middle of the Bill.
It is wonderful to see the degree of cross-party support for the smart data measures. The shadow Minister’s remarks show that the Labour Front Bench have drunk deeply from the Kool-Aid, in the same way as the rest of  us. It is vital that the measures move forward as fast and as safely as possible, because they have huge potential for our economy and our GDP growth. As the Minister rightly said, they seek to build on the undoubted world-leading success of our existing position in open banking.
My new clause is fairly straightforward, and I hope that the Minister will elaborate in his closing remarks on the two further measures that it seeks, which I and a number of other people urged the Secretary of State to take in a letter back in July. To underline the breadth of support for the measures, the letter was signed by the chief data and analytics officer of the NatWest Group, leading figures in the Financial Data and Technology Association, the co-founder and chief executive officer of Ozone API, the director general of the Payments Association, the founder and chief executive of Icebreaker One—who is, incidentally, now also chair of the Smart Data Council—the founder of Open Banking Excellence, and the CEO of the Investing and Saving Alliance. I am making not only a cross-party point, but a point that has widespread support among the very organisations involved in smart data, and particularly the open banking success that we all seek to replicate.
If we are to replicate our success in open banking across other parts of our economy, we need two things to be true. First, we must make sure that all data standards applied in other sectors are interoperable with the data standards that already exist in open banking. The point is that data standards will be different in each sector, because each sector’s data is held in different ways, in different places and by different people, under different foundational legal powers, but they must all converge on a set of standards that means that health data can safely and securely talk to, say, energy data or banking data.
Following on from my earlier intervention, when the Minister was talking about Government new clause 27, if we are to have data standards that allow different bits of data to be exchanged safely and securely, it is essential that we do not end up with siloed standards that do not interoperate and that cannot talk to each other, between the different sectors. Otherwise, we will completely fail to leverage our existing lead in open banking, and we will effectively have to reinvent the wheel from scratch every time we open up a new sector.
I hope that, by the time the Minister responds to the various points raised in this debate, inspiration will have struck and he will be able to confirm that, although we might have different data standards, it is the Government’s intention that those standards will all be interoperable so that we avoid the problem of balkanisation, if I can put it that way. I hope he will be able to provide us with a strong reassurance in that direction.
The second point encapsulated in new clause 2 deals with the following situation. Let us suppose that I am an app company that is currently successful in open banking. I have a piece of middleware in the open banking ecosystem, but I fancy being able to take what I have done successfully—it is world-leading in open banking—and roll it out to other sectors of the economy. I might want to produce a health, energy or other app to profit—or to provide services—from the Government’s plans to roll out smart data across the rest of the  economy. I therefore need to know which sectors are going to be done and in what order. Otherwise, as I walk into the office on Monday morning, needing to go up to my development team, I do not know whether I will be telling them to do the energy development, the water development or the open smart data development for online retail first.
All I need, therefore, is a Gantt chart or a timetable—we can call it what we will; I just need something that tells me which sectors, in what order and by what dates, so that I can make sure that my app is ready on those launch dates in order to be able to profit from this. So I was delighted to see the Government’s autumn statement of a week or 10 days ago, in paragraph 4.28 of the Green Book, talking about, as those on the Labour Front Bench have mentioned,
“a Smart Data Big Bang”
covering “seven sectors”. That is wonderful—absolutely super—but I ask, “Which seven sectors, and when?” If the Minister is able to clarify that, or at the very least say when the Government are going to publish the timetable naming the sectors and the dates on which each sector will be ready, he will be doing international investors in our country and our existing successful, world-leading organisations—

Chris Bryant: I agree with the hon. Gentleman on this, but quite a lot of steps need to be taken here. For instance, we might need to mandate standards on smart meters in order to be able to take advantage of these measures. We have not been given any kind of plans so far—unless he has seen something.

John Penrose: I wish I had seen something, because then I would be able to pull my amendment or inform the House. I have not seen something, and I think such a plan is essential, not just for Members in the Chamber this afternoon, but for all those investors, business leaders and app developers. That would allow them to work out the critical path, whatever the minimum viable products might be and everything else that is going to be necessary, and by what date, for the sectors they are aiming for. So the hon. Gentleman is absolutely right in what he says, and it is vital that if the Minister cannot come up with the timetable this afternoon, he can at least come up with a timetable for the timetable, so that we all know when the thing will be available and the rest of the open banking industry can work out how it is going to become an “open everything” industry and in what order, and by what time.
So this is fairly straightforward. There are promising signs, both in the autumn statement and in the Government’s new clause 27, but further details need to be tied down before they can be genuinely useful. I am assuming, hoping and praying that the Minister will be able to provide some of those reassurances and details when he makes his closing remarks, and I will therefore be able to count this as a probing amendment and push it no further. I am devoutly hoping that he will be able to make that an easier moment for me when he gets to his feet.

Robin Millar: I apologise to right hon. and hon. Members for any confusion that my movements around the Chamber may have created earlier, Mr Deputy Speaker.
New clause 45 is about the comparability and interoperability of health data across the UK. I say to the hon. Member for Rhondda (Sir Chris Bryant), the Opposition spokesman, that I have never been called pregnant before—that is a new description—but I will return to his point shortly in these brief remarks. There are three important reasons worth stating why data comparability is important. The first is that it empowers patients. The publication of standardised outcomes gives patients the ability to make informed choices about their treatment and where they may choose to live. Secondly, it strengthens care through better professional decision making. It allows administrators to manage resources and scientists to make interpretations of the data they receive. Thirdly, comparable data strengthens devolution, administration and policy making in the health sector. Transparent and comparable data is essential for that and ensures that we, as politicians, are accountable to voters for the quality of services in our area.
We could have an academic and philosophical discussion about this, but what brings me to table new clause 45 is the state of healthcare in north Wales. We have a health board that has been in special measures for the best part of eight years, and I have to wonder if that would be the case if the scrutiny of it were greater. One of the intentions of devolution was to foster best practice, but in order for that to happen we need comparability, which has not proved to be the case in the health sector.
For example, NHS Scotland does not publish standard referral to treatment times. Where it does, it does not provide averages and percentiles, but rather the proportion of cases meeting Scotland-only targets. In Wales, RTTs are broadly defined as the time spent waiting between a referral for a procedure and getting that procedure. In England, only consultant-led pathways are reported, but in Wales some non-consultant-led pathways are included, such as direct access diagnostics and allied health professional therapies, such as physiotherapy and osteopathy, which inevitably impact waiting times.
On cancer waiting times, England and Scotland have a target of a test within six weeks. However, there are different numbers of tests—eight north and 15 south of the border—and different measures for when the period ends—until the last test is completed in England or until the report is written up in Scotland. Those who understand health matters will make better sense of what those differences mean, but I simply make the observation that there are differences.
In Wales, the way we deal with cancer waiting times is different. Wales starts its 62-day treatment target from the date the first suspicion is raised by any health provider, whereas in England the 62-day target is from the date a specialist receives an urgent GP referral. Furthermore, in Wales routine referrals reprioritised as “urgent, with suspicion of cancer” are considered to be starting a new clock.
What can be done about this and why does it require legislation? New clause 45 may seem familiar to hon. Members because it was first brought forward as an amendment to the Health and Care Bill in 2022. It was withdrawn with the specific intention of giving the Government the time to develop a collaborative framework for sharing data with the devolved Administrations.  I pay tribute to all four Governments, the Office for National Statistics and officials for their work since then.
Notwithstanding that work, on 5 September  2023 Professor Ian Diamond, the UK national  statistician, made the following remarks to the Public  Administration and Constitutional Affairs Committee about gathering comparative health data across the devolved Administrations:
“You are entirely right that statistics is a devolved responsibility and therefore the data that are collected for administrative purposes in different parts of the United Kingdom differ. We have found it very difficult recently to collect comparable data for different administrations across the UK on the health service, for example.”
On working more closely with the devolved Administrations’ own statistical authorities, he said:
“We have been working very hard to try to get comparable data. Comparable data are possible in some areas but not in others. Trying to get cancer outcomes—”
as I have just referred to—
“is very difficult because they are collected in different ways… While statistics is devolved, I do not have the ability to ensure that all data are collected in a way that is comparable. We work really hard to make comparable data as best as possible, but at the moment I have to be honest that not all data can be compared.”
Mr Deputy Speaker, new clause 45 was brought forward as a constructive proposal. I believe that it is good for the patients, good for the professionals who work on their healthcare, and good for our own accountability. I do not think that this House would be divided on grounds of compassion or common sense. I thank all those Members who have supported my new clause and urge the Government to legislate on this matter. Today was an opportunity for me to discuss the issues involved, but I shall not be moving my new clause.

Roger Gale: With the leave of the House, I call the Minister to wind up the debate.

John Whittingdale: I thank all hon. Members who have contributed to the debate. I believe that these matters are important, if sometimes very complicated and technical. My hon. Friend the Member for Yeovil (Mr Fysh) was absolutely right to stress how fundamentally important they are, and they will become more so.
I also thank the shadow Minister for identifying the areas where we are in agreement. We had a good Committee stage with his colleague, the hon. Member for Barnsley East (Stephanie Peacock), where we agreed on the overall objectives of the Bill. It is welcome that the shadow Minister has supported us, particularly on the amendment that we moved this afternoon on the powers of the Information Commissioner’s Office, the provisions relating to digital verification services, and smart data. There were, however, some areas on which we will not agree.
Let me begin by addressing the main amendments that the hon. Gentleman has moved. Amendment 1 relates to high-risk processing. It is the case that one of the main aims of the Bill is to remove some of the UK GDPR’s unnecessary compliance burdens. That is why organisations will be required to designate only senior responsible individuals to carry out risk assessments and keep records of processing when their activities pose high risks to individuals. The amendments that the hon. Gentleman is proposing would reintroduce a  prescriptive list of high-risk processing activities drawn from article 35 of the UK GDPR. We find that some of the language in article 35 is unclear and confusing, which is partly why we removed it in the first place. We think organisations should have the ability to make a judgment of risk based on the specific nature, scale and context of their own processing activities. We do not need to provide prescriptive examples of high-risk processing in the legislation, because any list could quickly become out of date. Instead, to help data controllers, clause 18 of the Bill requires the ICO to produce a document with examples of what the commissioner considers to be high-risk processing.

Chris Bryant: But the Minister has already indicated that, basically, he will come forward with exactly the same list as is in the legislation that the Government are amending. All that is happening is that, in the Bill, the Information Commissioner will be doing what the Government or the House could be doing, and this is the one area where the Government disagree with the Information Commissioner.

John Whittingdale: As I say, the Government do not believe that it is necessary to have a prescriptive list in the Bill. We feel that it is better that individuals make a judgment based on their assessment of the risk, with the guidance of the Information Commissioner.
Moving to the shadow Minister’s second amendment, the Government agree that controllers should not be able to refuse a request without proper thought or consideration. That is why the existing responsibilities of controllers to facilitate requests from data subjects as the default has not changed and why the new article 12A also ensures that the burden of proof for a request meeting the vexatious or excessive threshold remains with the controller. The Government believe that is sufficient, and stipulating that evidence must be provided each time a request is refused may not be appropriate in all circumstances and would likely bring further burdens for controllers. On that basis, we oppose that amendment.
On amendment 5, the safeguards set out in reformed article 22 of the UK GDPR ensure that individuals are able to seek human intervention when significant decisions about them are taken solely through automated means with no meaningful human involvement.
Partly automated decisions already involve meaningful human involvement, so there is no need to extend the safeguards in article 22 to all forms of automated decision making. In such instances, other data protection requirements continue to apply and offer relevant protections to data subjects, as set out in the broader UK data protection regime. Those protections include lawfulness, fairness, transparency and accountability.
Amendment 218, which the hon. Member for Rhondda tabled along with amendments 219 and 220, gives us the opportunity to debate the democratic engagement provisions in the Bill. Amendments 218 and 219 would remove clauses 87 and 88, which give the Secretary of State a power to make exceptions to the privacy and electronic communications regulations direct marketing provisions on communications sent for the purposes of democratic engagement.
We have no immediate plans to use the regulation powers, but it is conceivable that future Governments might want to treat communications sent for the purposes of democratic engagement differently from those for commercial marketing. We would lose the option to do that if the regulation-making powers were removed. Before laying any regulations under the clause, the Secretary of State would need to consult the Information Commissioner and have specific regard to the effect that further exceptions could have.
I turn to the measure relating to the powers of the Department for Work and Pensions, raised by the hon. Member for Rhondda, the right hon. Member for East Ham (Sir Stephen Timms), who is Chair of the Work and Pensions Committee, and the hon. Member for Glasgow North (Patrick Grady), who speaks for the Scottish National party. We believe that this targeted and limited measure will enable us to identify fraudulent benefit claims and, as a result, will save the taxpayer a significant amount of money.
On the specific point of whether the powers should be targeted on individual benefits rather than more generally, I should say that at the moment fraud and error in state pensions, for instance, is near zero. The Government intend to target the benefits power where there is clear evidence of fraudulent activity. We are including all benefits to make sure that state pensions stay that way.

Stephen Timms: My understanding was that the level of fraud among state pension claims was indeed extremely small. The Minister said earlier that the Government should take powers only where they are absolutely necessary; I think he is now saying that they are not necessary in the case of people claiming a state pension. Is he confident that that bit of this power—to look into the bank account of anybody claiming a state pension—is absolutely necessary?

John Whittingdale: What I am saying is that the Government’s intention is to use the power only when there is clear evidence or suggestion that fraud is taking place on a significant scale. The Government simply want to retain the option to amend that should future evidence emerge; that is why the issue has been left open.

Chris Bryant: The trouble is that this is not about amending. The Government describe the relevant benefits in part 5 of proposed new schedule 3B, within new schedule 1, which is clear that pensions are included. The Minister has effectively said at the Dispatch Box that the Government do not need to tackle fraud in relation to pensions; perhaps it would be a good idea for us to all sit down and have a meeting to work out a more sensible set of measures to tackle fraud where it is necessary, rather than giving unending powers to the Government.

John Whittingdale: I agree, to the extent that levels of fraud in state pensions being currently nearly zero, the power is not needed in that case. However, the Government wish to retain an option should the position change in the future. But I am happy to take the hon. Gentleman up on his request on behalf of my hon. Friend the Minister for Disabled People, Health and  Work, with whom he has already engaged. I am sure that the right hon. Member for East Ham will want to examine the issue further in the Work and Pensions Committee, which he chairs. It will undoubtedly also be subject to further discussions in the other place. We are certainly open to further discussion.
The right hon. Member for East Ham also raised the question of commencement. I can tell him that the test and learn phase will begin in 2025, with a steady roll-out to full-scale delivery by 2030. I am sure that he will want to examine these matters further.
The amendment tabled by my right hon. Friend the Member for Haltemprice and Howden (Mr Davis) focuses on digital exclusion. The Bill provides for the use of secure and inclusive digital identities across the economy. It does not force businesses or individuals to use them. Individual choice is integral to our approach. As the Bill makes clear, digital verification services can be provided only at the request of the individual. Where people want to use a digital verification service, the Government are committed to ensuring that available products and services are secure and privacy-focused. That is to be achieved through the high standards set out in the trust framework.
The trust framework also outlines how services can improve inclusion, and requires services to publish an annual inclusion monitoring report. There are businesses that operate only in the digital sphere, such as some online banks and energy companies, as I think has been acknowledged. We feel that to oblige them to offer manual document checking would place obligations on businesses that go beyond the Government’s commitment to do only what is necessary to enable the digital market to grow.
On amendment 224 from the Scottish National party, solely automated decision making that produces legal or similarly significant effects on individuals was not entirely prohibited previously under the UK’s data protection legal framework. The rules governing article 22 are confusing and complex, so clause 12 clarifies and simplifies the rules related to solely automated decision making, and will reduce barriers to responsible data use, help to drive innovation, and maintain high standards of data protection. The reforms do not water down any of the protections to data subjects offered under the broader UK data protection regime—that is, UK GDPR and the Data Protection Act 2018.
On the other amendment tabled by the SNP, amendment 229, effective independent oversight of surveillance camera systems is crucial to public trust. The oversight framework is complex and confusing for the police and public because of substantial duplication between the surveillance camera commissioner functions and the code, which covers police and local authorities in England and Wales only, and the ICO and data protection legislation. The Bill addresses that, following public consultation, through abolishing the surveillance camera commissioner and code.
The amendment tabled by the hon. Member for Glasgow North would negate that by retaining the code and transferring the surveillance camera commissioner functions to the investigatory powers commissioner. It would also blur the lines between overt and covert surveillance, which the investigatory powers commissioner  oversees. Those two types of surveillance have distinct legislation and oversight, mainly because covert surveillance is generally considered to be significantly more intrusive.
On amendment 222, it is important to be clear that the ability to refuse or charge a reasonable fee for a request already exists, and clause 8 does not place new restrictions on reasonable requests from data subjects. The Government believe that it is proportionate to allow controllers to refuse or charge a reasonable fee for vexatious or excessive requests, and a clearer provision enables controllers to focus time and resources on responding to reasonable requests instead.
Amendments 278 and 279, tabled by my hon. Friend the Member for Yeovil, would remove the new lawful ground of recognised legitimate interests, which the Bill will add to article 6 of UK GDPR. Amendment 230 accepts that there is merit in retaining the recognised legitimate interests list, but would make any additions to it subject to a super-affirmative parliamentary procedure. It is true that the Bill removes the need for non-public-sector organisations to do a detailed legitimate interests assessment in relation to a small number of processing activities. Those include activities relating for example to the safeguarding of children, crime prevention and responding to emergencies. We heard from stakeholders that the need to do an assessment and the fear of getting it wrong could sometimes delay or deter those important processing activities from taking place. Future Governments would not be able to add new activities to the list lightly; clause 5 of the Bill already makes it clear that the Secretary of State must carefully consider the rights and interests of people, and in particular the special protection needed for children, before adding anything new to the list. Any new regulations would also need to be approved via the affirmative resolution procedure.
My hon. Friend the Member for Yeovil has tabled a large number of other amendments, which are complicated in nature. I have written to him in some detail setting out the Government’s response to each of those, but if he wishes to pursue further any of the points contained therein I would be very happy to have further discussions with him.
I would like to comment on the amendments by several of my colleagues that I wish I was in a position to be able to support. In particular, my hon. Friend the Member for Loughborough (Jane Hunt) has been assiduous in pursuing her point both in the Bill Committee and in this debate. The problem she identifies is without question a very real one, and she set out in some detail how it is massively increasing the burden on the police, which clearly we would wish to reduce wherever possible.
I have had meetings with Home Office Ministers, as my hon. Friend has, and they absolutely identify that problem and share her wish. While we welcome her intent, the problem is that we do not think that her amendment as drafted would achieve her aims of removing the burden of redaction. To do so would require the amendment and exception of more principles than those identified in the amendment. Indeed, it would require the amendment of more laws than just the Data Protection Act 2018.
The Government are absolutely committed to reducing the burden on the police, but it is obviously important that, if we do so, we do it right, and that the solution works comprehensively. We are therefore actively working on ways to better address the issue, including through  improved process, new technology, guidance and legislation. I am very happy to continue to work with her on achieving the aim that we all share and so too, I know, are colleagues in the Home Office.
With respect to the amendments tabled by my hon. Friend the Member for Weston-super-Mare (John Penrose), as I indicated, we absolutely share his enthusiasm for smart data and ensuring that the powers within the Bill are implemented in a timely manner, with interoperability at their core. While I agree that we can only fully realise the benefits of smart data schemes if they enable interoperability, different sectors will have different levels of existing digital infrastructure and capability. Thus, we could inadvertently hinder the success of future schemes if we mandated the use of one universal set of standards based, for instance, on those used in open banking.
The Government will ensure that interoperability is central to the development of smart data schemes. To support our thinking, we are working with industry and regulators in the Smart Data Council to identify the technical infrastructure that needs to be replicated. With regard to the timeline—or even the timeline for a timeline—that my hon. Friend asked for, I recognise that it is important to build investor, industry and consumer confidence by outlining the Government’s planned timeline.
My hon. Friend is right to highlight the Chancellor’s comments in the autumn statement, where we set out plans to kick-start the smart data big bang, and our ambition for using those powers across seven sectors. At this stage I am afraid I am not able to accept his amendment, but it is our intention to set out those plans in more detail in the coming months. I know the Under-Secretary of State for Business and Trade, my hon. Friend the Member for Thirsk and Malton (Kevin Hollinrake) and I will be happy to work with him to do so.
The aim of the amendment tabled by the hon. Member for Jarrow (Kate Osborne) was to clarify that, when special category data of employees such as health data is transferred between members of a group of undertakings for internal administrative purposes on grounds of legitimate interests, the conditions and safeguards outlined in schedule 1 of the Data Protection Act should apply to that processing. The Government agree with the sentiment of her amendment, but consider that it is unnecessary. The current legal framework already requires controllers to identify an exemption under article 9 of the UK GDPR if they are processing special category data. Those exemptions are supplemented by the conditions and safeguards outlined in schedule 1. Under those provisions, employers can process special category data where processing is necessary to comply with obligations under employment law. We do not therefore consider the amendment necessary.
Finally, I turn to new clause 45, tabled by my hon. Friend the Member for Aberconwy (Robin Millar). The Government are absolutely committed to improving the availability of comparable UK-wide data. He, too, has been assiduous in promoting that cause, and we are very happy to work with him. We are extremely supportive of the principle underlying his amendment. He is right to point out that people have the right to know the extent of Labour’s failings with the NHS in Wales, as he   pointed out, and his new clause sends an important message on our commitment to better data. I can commit to working at pace with him and the UK Statistics Authority to look at ways in which we may be able to implement the intentions of his amendment and bring forward legislative changes following those discussions.
On that basis, I commend the Government amendments to the House.
Question put and agreed to.
New clause 6 accordingly read a Second time, and added to the Bill.

Roger Gale: For the benefit of all Members, we are before the knife, so we will have to go through a sequence of procedures. It would help me, the Clerk and the Minister if we had a degree of silence. This will take a little time, and we need to be able to concentrate.

New Clause 48 - Processing of personal data revealing political opinions

“(1) Schedule 1 to the Data Protection Act 2018 (special categories of personal data) is amended in accordance with subsections (2) to (5).
(2) After paragraph 21 insert—
‘Democratic engagement
21A (1) This condition is met where—
(a) the personal data processed is personal data revealing political opinions,
(b) the data subject is aged 14 or over, and
(c) the processing falls within sub-paragraph (2),
subject to the exceptions in sub-paragraphs (3) and (4).
(2) Processing falls within this sub-paragraph if—
(a) the processing—
(i) is carried out by an elected representative or a person acting with the authority of such a representative, and
(ii) is necessary for the purposes of discharging the elected representative’s functions or for the purposes of the elected representative’s democratic engagement activities,
(b) the processing—
(i) is carried out by a registered political party, and
(ii) is necessary for the purposes of the party’s election activities or democratic engagement activities,
(c) the processing—
(i) is carried out by a candidate for election as an elected representative or a person acting with the authority of such a candidate, and
(ii) is necessary for the purposes of the candidate’s campaign for election,
(d) the processing—
(i) is carried out by a permitted participant in relation to a referendum or a person acting with the authority of such a person, and
(ii) is necessary for the purposes of the permitted participant’s campaigning in connection with the referendum, or
(e) the processing—
(i) is carried out by an accredited campaigner in relation to a recall petition or a person acting with the authority of such a person, and
(ii) is necessary for the purposes of the accredited campaigner’s campaigning in connection with the recall petition.
(3) Processing does not meet the condition in sub-paragraph (1) if it is likely to cause substantial damage or substantial distress to an individual.
(4) Processing does not meet the condition in sub-paragraph (1) if—
(a) an individual who is the data subject (or one of the data subjects) has given notice in writing to the controller requiring the controller not to process personal data in respect of which the individual is the data subject (and has not given notice in writing withdrawing that requirement),
(b) the notice gave the controller a reasonable period in which to stop processing such data, and
(c) that period has ended.
(5) For the purposes of sub-paragraph (2)(a) and (b)—
(a) “democratic engagement activities” means activities whose purpose is to support or promote democratic engagement;
(b) “democratic engagement” means engagement by the public, a section of the public or a particular person with, or with an aspect of, an electoral system or other democratic process in the United Kingdom, either generally or in connection with a particular matter, whether by participating in the system or process or engaging with it in another way;
(c) examples of democratic engagement activities include activities whose purpose is—
(i) to promote the registration of individuals as electors;
(ii) to increase the number of electors participating in elections for elected representatives, referendums or processes for recall petitions in which they are entitled to participate;
(iii) to support an elected representative or registered political party in discharging functions, or carrying on other activities, described in sub-paragraph (2)(a) or (b);
(iv) to support a person to become a candidate for election as an elected representative;
(v) to support a campaign or campaigning referred to in sub-paragraph (2)(c), (d) or (e);
(vi) to raise funds to support activities whose purpose is described in sub-paragraphs (i) to (v);
(d) examples of activities that may be democratic engagement activities include—
(i) gathering opinions, whether by carrying out a survey or by other means;
(ii) communicating with electors.
(6) In this paragraph—
“accredited campaigner” has the meaning given in Part 5 of Schedule 3 to the Recall of MPs Act 2015;
“candidate” , in relation to election as an elected representative, has the meaning given by the provision listed in the relevant entry in the second column of the table in sub-paragraph (7);
“elected representative” means a person listed in the first column of the table in sub-paragraph (7) and see also sub-paragraphs (8) to (10);
“election activities” , in relation to a registered political party, means—
(a) campaigning in connection with an election for an elected representative, and
(b) activities whose purpose is to enhance the standing of the party, or of a candidate standing for election in its name, with electors;
“elector” means a person who is entitled to vote in an election for an elected representative or in a referendum;
“permitted participant” has the same meaning as in Part 7 of the Political Parties, Elections and Referendums Act 2000 (referendums) (see section 105 of that Act);
“recall petition” has the same meaning as in the Recall of MPs Act 2015 (see section 1(2) of that Act);
“referendum” means a referendum or other poll held on one or more questions specified in, or in accordance with, an enactment;
“registered political party” means a person or organisation included in a register maintained under section 23 of the Political Parties, Elections and Referendums Act 2000;
“successful” , in relation to a recall petition, has the same meaning as in the Recall of MPs Act 2015 (see section 14 of that Act).
(7) This is the table referred to in the definitions of “candidate” and “elected representative” in sub-paragraph (6)—

  

  Elected representative
  Candidate for election as an elected representative


  member of the House of Commons
  section 118A of the Representation of the People Act 1983


  a member of the Senedd
  article 84(2) of the National Assembly for Wales (Representation of the People) Order 2007 (S.I. 2007/236)


  a member of the Scottish Parliament
  article 80(1) of the Scottish Parliament (Elections etc) Order 2015 (S.S.I. 2015/425)


  a member of the Northern Ireland Assembly
  section 118A of the Representation of the People Act 1983, as applied by the Northern Ireland Assembly (Elections) Order 2001  (S.I. 2001/2599)


  an elected member of a local authority within the meaning of section 270(1) of the Local Government Act 1972, namely—
  (i) in England, a county council, a district council, a London borough council or a parish council;
  (ii) in Wales, a county council, a county borough council or a community council;
  section 118A of the Representation of the People Act 1983


  an elected mayor of a local authority within the meaning of Part 1A or 2 of the Local Government Act 2000
  section 118A of the Representation of the People Act 1983, as applied by the Local Authorities (Mayoral Elections) (England and Wales) Regulations 2007  (S.I. 2007/1024)


  a mayor for the area of a combined authority established under section 103 of the Local Democracy, Economic Development and Construction Act 2009
  section 118A of the Representation of the People Act 1983, as applied by the Combined Authorities (Mayoral Elections) Order 2017  (S.I. 2017/67)


  a mayor for the area of a combined county authority established under section 9 of the Levelling-up and Regeneration Act 2023
  section 118A of the Representation of the People Act 1983, as applied by the Combined Authorities (Mayoral Elections) Order 2017  (S.I. 2017/67)


  the Mayor of London or an elected member of the London Assembly
  section 118A of the Representation of the People Act 1983


  an elected member of the Common Council of the City of London
  section 118A of the Representation of the People Act 1983


  an elected member of the Council of the Isles of Scilly
  section 118A of the Representation of the People Act 1983


  an elected member of a council constituted under section 2 of the Local Government etc (Scotland) Act 1994
  section 118A of the Representation of the People Act 1983


  an elected member of a district council within the meaning of the Local Government Act (Northern Ireland) 1972 (c. 9 (N.I.))
  section 130(3A) of the Electoral Law Act (Northern Ireland) 1962 (c. 14 (N.I.))


  (n)a police and crime commissioner
  article 3 of the Police and Crime Commissioner Elections Order 2012 (S.I. 2012/1917)

  

(8) For the purposes of the definition of “elected representative” in sub-paragraph (6), a person who is—
(a) a member of the House of Commons immediately before Parliament is dissolved,
(b) a member of the Senedd immediately before Senedd Cymru is dissolved,
(c) a member of the Scottish Parliament immediately before that Parliament is dissolved, or
(d) a member of the Northern Ireland Assembly immediately before that Assembly is dissolved,
is to be treated as if the person were such a member until the end of the period of 30 days beginning with the day after the day on which the subsequent general election in relation to that Parliament or Assembly is held.
(9) For the purposes of the definition of “elected representative” in sub-paragraph (6), where a member of the House of Commons’s seat becomes vacant as a result of a successful recall petition, that person is to be treated as if they were a member of the House of Commons until the end of the period of 30 days beginning with the day after—
(a) the day on which the resulting by-election is held, or
(b) if earlier, the day on which the next general election in relation to Parliament is held.
(10) For the purposes of the definition of “elected representative” in sub-paragraph (6), a person who is an elected member of the Common Council of the City of London and whose term of office comes to an end at the end of the day preceding the annual Wardmotes is to be treated as if the person were such a member until the end of the fourth day after the day on which those Wardmotes are held.’
(3) Omit paragraph 22 and the italic heading before it.
(4) In paragraph 23 (elected representatives responding to requests)—
(a) leave out sub-paragraphs (3) to (5), and
(b) at the end insert—
‘(6) In this paragraph, “elected representative” has the same meaning as in paragraph 21A.’
(5) In paragraph 24(3) (definition of ‘elected representative’), for ‘23’ substitute ‘21A’.
(6) In section 205(2) of the 2018 Act (general interpretation: periods of time), in paragraph (i), for ‘paragraph 23(4) and (5)’ substitute ‘paragraph 21A(8) to (10)’.”—(Sir John Whittingdale.)
This new Clause inserts into Schedule 1 to the Data Protection Act 2018 (conditions for processing of special categories of personal data) a condition relating to processing by elected representatives, registered political parties and others of information about an individual’s political opinions for the purposes of democratic engagement activities and campaigning.
Brought up, read the First and Second time, and added to the Bill.

New Clause 7 - Searches in response to data subjects’ requests

“(1) In Article 15 of the UK GDPR (right of access by the data subject)—
(a) after paragraph 1 insert—
‘1A. Under paragraph 1, the data subject is only entitled to such confirmation, personal data and other information as the controller is able to provide based on a reasonable and proportionate search for the personal data and other information described in that paragraph.’, and
(b) in paragraph 3, after ‘processing’ insert ‘to which the data subject is entitled under paragraph 1’.
(2) The 2018 Act is amended in accordance with subsections (3) and (4).
(3) In section 45 (law enforcement processing: right of access by the data subject), after subsection (2) insert—
‘(2A) Under subsection (1), the data subject is only entitled to such confirmation, personal data and other information as the controller is able to provide based on a reasonable and proportionate search for the personal data and other information described in that subsection.’
(4) In section 94 (intelligence services processing: right of access by the data subject), after subsection (2) insert—
‘(2ZA) Under subsection (1), the data subject is only entitled to such confirmation, personal data and other information as the controller is able to provide based on a reasonable and proportionate search for the personal data and other information described in that subsection.’
(5) The amendments made by this section are to be treated as having come into force on 1 January 2024.”—(Sir John Whittingdale.)
This new clause confirms that, in responding to subject access requests, controllers are only required to undertake reasonable and proportionate searches for personal data and other information.
Brought up, read the First and Second time, and added to the Bill.

New Clause 8 - Notices from the Information Commissioner

“(1) The 2018 Act is amended in accordance with subsections (2) and (3).
(2) Omit section 141 (notices from the Commissioner).
(3) After that section insert—
‘141A Notices from the Commissioner
(1) This section applies in relation to a notice authorised or required by this Act to be given to a person by the Commissioner.
(2) The notice may be given to the person by—
(a) delivering it by hand to a relevant individual,
(b) leaving it at the person’s proper address,
(c) sending it by post to the person at that address, or
(d) sending it by email to the person’s email address.
(3) A “relevant individual” means—
(a) in the case of a notice to an individual, that individual;
(b) in the case of a notice to a body corporate (other than a partnership), an officer of that body;
(c) in the case of a notice to a partnership, a partner in the partnership or a person who has the control or management of the partnership business;
(d) in the case of a notice to an unincorporated body (other than a partnership), a member of its governing body.
(4) For the purposes of subsection (2)(b) and (c), and section 7 of the Interpretation Act 1978 (services of documents by post) in its application to those provisions, a person’s proper address is—
(a) in a case where the person has specified an address as one at which the person, or someone acting on the person’s behalf, will accept service of notices or other documents, that address;
(b) in any other case, the address determined in accordance with subsection (5).
(5) The address is—
(a) in a case where the person is a body corporate with a registered office in the United Kingdom, that office;
(b) in a case where paragraph (a) does not apply and the person is a body corporate, partnership or unincorporated body with a principal office in the United Kingdom, that office;
(c) in any other case, an address in the United Kingdom at which the Commissioner believes, on reasonable grounds, that the notice will come to the attention of the person.
(6) A person’s email address is—
(a) an email address published for the time being by that person as an address for contacting that person, or
(b) if there is no such published address, an email address by means of which the Commissioner believes, on reasonable grounds, that the notice will come to the attention of that person.
(7) A notice sent by email is treated as given 48 hours after it was sent, unless the contrary is proved.
(8) In this section “officer”, in relation to a body corporate, means a director, manager, secretary or other similar officer of the body.
(9) This section does not limit other lawful means of giving a notice.’
(4) In Schedule 2 to the Electronic Identification and Trust Services for Electronic Transactions Regulations 2016 (S.I. 2016/696) (Commissioner’s enforcement powers), in paragraph 1(b), for ‘141’ substitute ‘141A’.”—(Sir John Whittingdale.)
This amendment adjusts the procedure by which notices can be given by the Information Commissioner under the Data Protection Act 2018. In particular, it enables the Information Commissioner to give notices by email without obtaining the consent of the recipient to use that mode of delivery.
Brought up, read the First and Second time, and added to the Bill.

New Clause 9 - Court procedure in connection with  subject access requests

“(1) The Data Protection Act 2018 is amended as follows.
(2) For the italic heading before section 180 substitute—
‘Jurisdiction and court procedure’.
(3) After section 180 insert—
‘180A Procedure in connection with subject access requests
(1) This section applies where a court is required to determine whether a data subject is entitled to information by virtue of a right under—
(a) Article 15 of the UK GDPR (right of access by the data subject);
(b) Article 20 of the UK GDPR (right to data portability);
(c) section 45 of this Act (law enforcement processing: right of access by the data subject);
(d) section 94 of this Act (intelligence services processing: right of access by the data subject).
(2) The court may require the controller to make available for inspection by the court so much of the information as is available to the controller.
(3) But, unless and until the question in subsection (1) has been determined in the data subject’s favour, the court may not require the information to be disclosed to the data subject or the data subject’s representatives, whether by discovery (or, in Scotland, recovery) or otherwise.
(4) Where the question in subsection (1) relates to a right under a provision listed in subsection (1)(a), (c) or (d), this section does not confer power on the court to require the controller to carry out a search for information that is more extensive than the reasonable and proportionate search required by that provision.’”—(Sir John Whittingdale.)
This new clause makes provision about courts’ powers to require information to be provided to them, and to a data subject, when determining whether a data subject is entitled to information under certain provisions of the data protection legislation.
Brought up, read the First and Second time, and added to the Bill.

New Clause 10 - Approval of a supplementary code

“(1) This section applies to a supplementary code whose content is for the time being determined by a person other than the Secretary of State.
(2) The Secretary of State must approve the supplementary code if—
(a) the code meets the conditions set out in the DVS trust framework (so far as relevant),
(b) an application for approval of the code is made which complies with any requirements imposed by a determination under section (Applications for approval and re-approval), and
(c) the applicant pays any fee required to be paid by a determination under section (Fees for approval, re-approval and continued approval)(1).
(3) The Secretary of State must notify an applicant in writing of the outcome of an application for approval.
(4) The Secretary of State may not otherwise approve a supplementary code.
(5) In this Part, an “approved supplementary code” means a supplementary code for the time being approved under this section.
(6) For when a code ceases (or may cease) to be approved under this section, see sections (Change to conditions for approval or designation), (Revision of a recognised supplementary code) and (Request for withdrawal of approval).”—(Sir John Whittingdale.)
This amendment sets out when a supplementary code of someone other than the Secretary of State must be approved by the Secretary of State.
Brought up, read the First and Second time, and added to the Bill.

New Clause 11 - Designation of a supplementary code

“(1) This section applies to a supplementary code whose content is for the time being determined by the Secretary of State.
(2) If the Secretary of State determines that the supplementary code meets the conditions set out in the DVS trust framework (so far as relevant), the Secretary of State may designate the code as one which complies with the conditions.
(3) In this Part, a ‘designated supplementary code’ means a supplementary code for the time being designated under this section.
(4) For when a code ceases (or may cease) to be designated under this section, see sections (Change to conditions for approval or designation), (Revision of a recognised supplementary code) and (Removal of designation).”—(Sir John Whittingdale.)
This enables the Secretary of State to designate a supplementary code of the Secretary of State as one which complies with the conditions set out in the DVS trust framework.
Brought up, read the First and Second time, and added to the Bill.

New Clause 12 - List of recognised supplementary codes

“(1) The Secretary of State must—
(a) maintain a list of recognised supplementary codes, and
(b) make the list publicly available.
(2) For the purposes of this Part, each of the following is a ‘recognised supplementary code’—
(a) an approved supplementary code, and
(b) a designated supplementary code.”—(Sir John Whittingdale.)
This amendment places the Secretary of State under a duty to publish, and keep up to date, a list of supplementary codes that are designated or approved.
Brought up, read the First and Second time, and added to the Bill.

New Clause 13 - Change to conditions for approval or designation

“(1) This section applies if the Secretary of State revises the DVS trust framework so as to change the conditions which must be met for the approval or designation of a supplementary code.
(2) An approved supplementary code which is affected by the change ceases to be an approved supplementary code at the end of the relevant period unless an application for re-approval of the code is made within that period.
(3) Pending determination of an application for re-approval the supplementary code remains an approved supplementary code.
(4) Before the end of the relevant period the Secretary of State must—
(a) review each designated supplementary code which is affected by the change (if any), and
(b) determine whether it meets the conditions as changed.
(5) If, on a review under subsection (4), the Secretary of State determines that a designated supplementary code does not meet the conditions as changed, the code ceases to be a designated supplementary code at the end of the relevant period.
(6) A supplementary code is affected by a change if the change alters, or adds, a condition which is or would be relevant to the supplementary code when deciding whether to approve it under section (Approval of a supplementary code) or designate it under section (Designation of a supplementary code).
(7) In this section “the relevant period” means the period of 21 days beginning with the day on which the DVS trust framework containing the change referred to in subsection (1) comes into force.
(8) Section (Approval of a supplementary code) applies to re-approval of a supplementary code as it applies to approval of such a code.”—(Sir John Whittingdale.)
This amendment provides that when conditions for approval or designation are changed this requires re-approval of an approved supplementary code and, in the case of a designated supplementary code, a re-assessment of whether the code meets the revised conditions.
Brought up, read the First and Second time, and added to the Bill.

New Clause 14 - Revision of a recognised supplementary code

“(1) If an approved supplementary code is revised—
(a) the code before and after the revision are treated as the same code for the purposes of this Part, and
(b) the code ceases to be an approved supplementary code unless subsection (2) or (4) applies.
(2) This subsection applies if the supplementary code, in its revised form, has been approved under section (Approval of a supplementary code).
(3) If subsection (2) applies the approved supplementary code, in its revised form, remains an approved supplementary code.
(4) This subsection applies for so long as—
(a) a decision is pending under section (Approval of a supplementary code) on an application for approval of the supplementary code in its revised form, and
(b) the revisions to the code have not taken effect.
(5) If subsection (4) applies the supplementary code, in its unrevised form, remains an approved supplementary code.
(6) The Secretary of State may revise a designated supplementary code only if the Secretary of State is satisfied that the code, in its revised form, meets the conditions set out in the DVS trust framework (so far as relevant).
(7) If a designated supplementary code is revised, the code before and after the revision are treated as the same code for the purposes of this Part.”—(Sir John Whittingdale.)
This amendment sets out the consequences where there are changes to a recognised supplementary code and, in particular, what needs to be done for the code to remain a recognised supplementary code.
Brought up, read the First and Second time, and added to the Bill.

New Clause 15 - Applications for approval and re-approval

“(1) The Secretary of State may determine—
(a) the form of an application for approval or re-approval under section (Approval of a supplementary code),
(b) the information to be contained in or provided with the application,
(c) the documents to be provided with the application,
(d) the manner in which the application is to be submitted, and
(e) who may make the application.
(2) A determination may make different provision for different purposes.
(3) The Secretary of State must publish a determination.
(4) The Secretary of State may revise a determination.
(5) If the Secretary of State revises a determination the Secretary of State must publish the determination as revised.”—(Sir John Whittingdale.)
This amendment enables the Secretary of State to determine the process for making a valid application for approval of a supplementary code.
Brought up, read the First and Second time, and added to the Bill.

New Clause 16 - Fees for approval, re-approval and continued approval

“(1) The Secretary of State may determine that a person who applies for approval or re-approval of a supplementary code under section (Approval of a supplementary code) must pay a fee to the Secretary of State of an amount specified in the determination.
(2) A determination under subsection (1) may specify an amount which exceeds the administrative costs of determining the application for approval or re-approval.
(3) The Secretary of State may determine that a fee is payable to the Secretary of State, of an amount and at times specified in the determination, in connection with the continued approval of a supplementary code.
(4) A determination under subsection (3)—
(a) may specify an amount which exceeds the administrative costs associated with the continued approval of a supplementary code, and
(b) must specify, or describe, who must pay the fee.
(5) A fee payable under subsection (3) is recoverable summarily (or, in Scotland, recoverable) as a civil debt.
(6) A determination may make different provision for different purposes.
(7) The Secretary of State must publish a determination.
(8) The Secretary of State may revise a determination.
(9) If the Secretary of State revises a determination the Secretary of State must publish the determination as revised.”—(Sir John Whittingdale.)
This amendment enables the Secretary of State to determine that a fee is payable for approval/re-approval/continued approval of a supplementary code and the amount of such a fee.
Brought up, read the First and Second time, and added to the Bill.

New Clause 17 - Request for withdrawal of approval

“(1) The Secretary of State must withdraw approval of a supplementary code if—
(a) the Secretary of State receives a notice requesting the withdrawal of approval of the supplementary code, and
(b) the notice complies with any requirements imposed by a determination under subsection (3).
(2) Before the day on which the approval is withdrawn, the Secretary of State must inform the person who gave the notice of when it will be withdrawn.
(3) The Secretary of State may determine—
(a) the form of a notice,
(b) the information to be contained in or provided with the notice,
(c) the documents to be provided with the notice,
(d) the manner in which the notice is to be submitted,
(e) who may give the notice.
(4) A determination may make different provision for different purposes.
(5) The Secretary of State must publish a determination.
(6) The Secretary of State may revise a determination.
(7) If the Secretary of State revises a determination the Secretary of State must publish the determination as revised.”—(Sir John Whittingdale.)
This amendment enables a supplementary code to be “de-approved”, on request.
Brought up, read the First and Second time, and added to the Bill.

New Clause 18 - Removal of designation

“(1) The Secretary of State may determine to remove the designation of a supplementary code.
(2) A determination must—
(a) be published, and
(b) specify when the designation is to be removed, which must be a time after the end of the period of 21 days beginning with the day on which the determination is published.”—(Sir John Whittingdale.)
This amendment enables the Secretary of State to determine that a designated supplementary code should cease to be designated.
Brought up, read the First and Second time, and added to the Bill.

New Clause 19 - Registration of additional services

“(1) Subsection (2) applies if—
(a) a person is registered in the DVS register,
(b) the person applies for their entry in the register to be amended to record additional digital verification services that the person provides in accordance with the main code,
(c) the person holds a certificate from an accredited conformity assessment body certifying that the person provides the additional services in accordance with the main code,
(d) the application complies with any requirements imposed by a determination under section 51, and
(e) the person pays any fee required to be paid by a determination under section 52(1).
(2) The Secretary of State must amend the DVS register to record that the person is also registered in respect of the additional services referred to in subsection (1).
(3) For the purposes of subsection (1)(c), a certificate is to be ignored if—
(a) it has expired in accordance with its terms,
(b) it has been withdrawn by the body that issued it, or
(c) it is required to be ignored by reason of provision included in the DVS trust framework under 49(10).”—(Sir John Whittingdale.)
This amendment provides for a person to apply to add services to their entry in the DVS register and requires the Secretary of State to amend the register to record that a person is registered in respect of the additional services.
Brought up, read the First and Second time, and added to the Bill.

New Clause 20 - Supplementary notes

“(1) Subsection (2) applies if—
(a) a person holds a certificate from an accredited conformity assessment body certifying that digital verification services provided by the person are provided in accordance with a recognised supplementary code,
(b) the person applies for a note about one or more of the services to which the certificate relates to be included in the entry relating to that person in the DVS register,
(c) the application complies with any requirements imposed by a determination under section 51, and
(d) the person pays any fee required to be paid by a determination under section 52(1).
(2) The Secretary of State must include a note in the entry relating to the person in the DVS register recording that the person provides, in accordance with the recognised supplementary code referred to in subsection (1), the services in respect of which the person made the application referred to in that subsection.
(3) The Secretary of State may not otherwise include a note described in subsection (2) in the DVS register.
(4) For the purposes of subsection (1)(a), a certificate is to be ignored if—
(a) it has expired in accordance with its terms,
(b) it has been withdrawn by the body that issued it, or
(c) subsection (5) applies.
(5) This subsection applies if—
(a) the recognised supplementary code to which the certificate relates has been revised since the certificate was issued,
(b) the certificate was issued before the revision to the supplementary code took effect, and
(c) the supplementary code (as revised) provides—
(i) that certificates issued before the time the revision takes effect are required to be ignored, or
(ii) that such certificates are to be ignored from a date, or from the end of a period, specified in the code and that date has passed or that period has elapsed.
(6) In this Part, a note included in the DVS register in accordance with subsection (2) is referred to as a supplementary note.”—(Sir John Whittingdale.)
This amendment provides for a person to apply for a note to be included in the DVS register that they provide digital verification services in accordance with a recognised supplementary code.
Brought up, read the First and Second time, and added to the Bill.

New Clause 21 - Addition of services to supplementary notes

“(1) Subsection (2) applies if—
(a) a person has a supplementary note included in the DVS register,
(b) the person applies for the note to be amended to record additional digital verification services that the person provides in accordance with a recognised supplementary code,
(c) the person holds a certificate from an accredited conformity assessment body certifying that the person provides the additional services in accordance with the recognised supplementary code referred to in paragraph (b),
(d) the application complies with any requirements imposed by a determination under section 51, and
(e) the person pays any fee required to be paid by a determination under section 52(1).
(2) The Secretary of State must amend the note to record that the person also provides the additional services referred to in subsection (1) in accordance with the recognised supplementary code referred to in that subsection.
(3) For the purposes of subsection (1)(c), a certificate is to be ignored if—
(a) it has expired in accordance with its terms,
(b) it has been withdrawn by the body that issued it, or
(c) subsection (4) applies.
(4) This subsection applies if—
(a) the recognised supplementary code to which the certificate relates has been revised since the certificate was issued,
(b) the certificate was issued before the revision to the supplementary code took effect, and
(c) the supplementary code (as revised) provides—
(i) that certificates issued before the time the revision takes effect are required to be ignored, or
(ii) that such certificates are to be ignored from a date, or from the end of a period, specified in the code and that date has passed or that period has elapsed.”—(Sir John Whittingdale.)
This amendment provides for a person to add services to their supplementary note in the DVS register and requires the Secretary of State to amend the note to record that a person is registered in respect of the additional services.
Brought up, read the First and Second time, and added to the Bill.

New Clause 22 - Duty to remove services from the DVS register

“(1) Where a person is registered in the DVS register in respect of digital verification services, subsection (2) applies if the person—
(a) asks for the register to be amended so that the person is no longer registered in respect of one or more of those services,
(b) ceases to provide one or more of those services, or
(c) no longer holds a certificate from an accredited conformity assessment body certifying that all of those services are provided in accordance with the main code.
(2) The Secretary of State must amend the register to record that the person is no longer registered in respect of (as the case may be)—
(a) the service or services mentioned in a request described in subsection (1)(a),
(b) the service or services which the person has ceased to provide, or
(c) the service or services for which there is no longer a certificate as described in subsection (1)(c).
(3) For the purposes of subsection (1)(c), a certificate is to be ignored if—
(a) it has expired in accordance with its terms,
(b) it has been withdrawn by the body that issued it, or
(c) it is required to be ignored by reason of provision included in the DVS trust framework under section 49(10).”—(Sir John Whittingdale.)
This amendment places the Secretary of State under a duty to amend the DVS register, in certain circumstances, to record that a person is no longer registered in respect of certain services.
Brought up, read the First and Second time, and added to the Bill.

New Clause 23 - Duty to remove supplementary notes from the DVS register

“(1) The Secretary of State must remove a supplementary note included in the entry in the DVS register relating to a person if—
(a) the person asks for the note to be removed,
(b) the person ceases to provide all of the digital verification services to which the note relates,
(c) the person no longer holds a certificate from an accredited conformity assessment body certifying that at least one of those digital verification services is provided in accordance with the supplementary code, or
(d) the person continues to hold a certificate described in paragraph (c) but the supplementary code is not a recognised supplementary code.
(2) For the purposes of subsection (1)(c) and (d), a certificate is to be ignored if—
(a) it has expired in accordance with its terms,
(b) it has been withdrawn by the body that issued it, or
(c) subsection (3) applies.
(3) This subsection applies if—
(a) the supplementary code to which the certificate relates has been revised since the certificate was issued,
(b) the certificate was issued before the revision to the supplementary code took effect, and
(c) the supplementary code (as revised) provides—
(i) that certificates issued before the time the revision takes effect are required to be ignored, or
(ii) that such certificates are to be ignored from a date, or from the end of a period, specified in the code and that date has passed or that period has elapsed.”—(Sir John Whittingdale.)
This amendment sets out the circumstances in which the Secretary of State must remove a supplementary note from the DVS register.
Brought up, read the First and Second time, and added to the Bill.

New Clause 24 - Duty to remove services from supplementary notes

“(1) Where a person has a supplementary note included in their entry in the DVS register in respect of digital verification services, subsection (2) applies if the person—
(a) asks for the register to be amended so that the note no longer records one or more of those services,
(b) ceases to provide one or more of the services recorded in the note, or
(c) no longer holds a certificate from an accredited conformity assessment body certifying that all of the services included in the note are provided in accordance with a supplementary code.
(2) The Secretary of State must amend the supplementary note so it no longer records (as the case maA24y be)—
(a) the service or services mentioned in a request described in subsection (1)(a),
(b) the service or services which the person has ceased to provide, or
(c) the service or services for which there is no longer a certificate as described in subsection (1)(c).
(3) For the purposes of subsection (1)(c), a certificate is to be ignored if—
(a) it has expired in accordance with its terms,
(b) it has been withdrawn by the body that issued it, or
(c) subsection (4) applies.
(4) This subsection applies if—
(a) the supplementary code to which the certificate relates has been revised since the certificate was issued,
(b) the certificate was issued before the revision to the supplementary code took effect, and
(c) the supplementary code (as revised) provides—
(i) that certificates issued before the time the revision takes effect are required to be ignored, or
(ii) that such certificates are to be ignored from a date, or from the end of a period, specified in the code and that date has passed or that period has elapsed.”—(Sir John Whittingdale.)
This amendment places the Secretary of State under a duty to amend a supplementary note on the DVS register relating to a person, in certain circumstances, to remove reference to certain services from the note.
Brought up, read the First and Second time, and added to the Bill.

New Clause 25 - Index of defined terms for Part 2

“The Table below lists provisions that define or otherwise explain terms defined for the purposes of this Part of this Act.

  

  Term
  Provision


  accredited conformity assessment body
  section 50(7)


  approved supplementary code
  section (Approval of a supplementary code)(6)


  designated supplementary code
  section (Designation of a supplementary code)(3)


  digital verification services
  section 48(2)


  the DVS register
  section 50(2)


  the DVS trust framework
  section 49(2)(a)


  the main code
  section 49(2)(b)


  recognised supplementary code
  section (List of recognised supplementary codes)(2)


  supplementary code
  section 49(2)(c)


  supplementary note
  section (Supplementary notes)(6)”

  

—(Sir John Whittingdale.)
This amendment provides an index of terms which are defined in Part 2.
Brought up, read the First and Second time, and added to the Bill.

New Clause 26 - Powers relating to verification of identity or status

“(1) In section 15 of the Immigration, Asylum and Nationality Act 2006 (penalty for employing a person subject to immigration control), after subsection (7) insert—
“(8) An order under subsection (3) containing provision described in subsection (7)(a), (b) or (c) may, in particular—
(a) specify a document generated by a DVS-registered person or a DVS-registered person of a specified description;
(b) specify a document which was provided to such a person in order to generate such a document;
(c) specify steps involving the use of services provided by such a person.
(9) In subsection (8), “DVS-registered person” means a person who is registered in the DVS register maintained under Part 2 of the Data Protection and Digital Information Act 2024 (“the DVS register”).
(10) An order under subsection (3) which specifies a description of DVS-registered person may do so by, for example, describing a DVS-registered person whose entry in the DVS register includes a note relating to specified services (see section (Supplementary notes) of the Data Protection and Digital Information Act 2024).”
(2) In section 34 of the Immigration Act 2014 (requirements which may be prescribed for the purposes of provisions about occupying premises under a residential tenancy agreement)—
(a) in subsection (1)—
(i) in paragraph (a), after “occupiers” insert “, a DVS-registered person or a DVS-registered person of a prescribed description”,
(ii) in paragraph (b), after “occupiers” insert “, a DVS-registered person or a DVS-registered person of a prescribed description”, and
(iii) in paragraph (c), at the end insert “, including steps involving the use of services provided by a DVS-registered person or a DVS-registered person of a prescribed description”, and
(b) after that subsection insert—
“(1A) An order prescribing requirements for the purposes of this Chapter which contains provision described in subsection (1)(a) or (b) may, in particular—
(a) prescribe a document generated by a DVS-registered person or a DVS-registered person of a prescribed description;
(b) prescribe a document which was provided to such a person in order to generate such a document.
(1B) In subsections (1) and (1A), “DVS-registered person” means a person who is registered in the DVS register maintained under Part 2 of the Data Protection and Digital Information Act 2024 (“the DVS register”).
(1C) An order prescribing requirements for the purposes of this Chapter which prescribes a description of DVS-registered person may do so by, for example, describing a DVS-registered person whose entry in the DVS register includes a note relating to prescribed services (see section (Supplementary notes) of the Data Protection and Digital Information Act 2024).”
(3) In Schedule 6 to the Immigration Act 2016 (illegal working compliance orders etc), after paragraph 5 insert—
“Prescribed checks and documents
5A (1) Regulations under paragraph 5(6)(b) or (c) may, in particular—
(a) prescribe checks carried out using services provided by a DVS-registered person or a DVS-registered person of a prescribed description;
(b) prescribe documents generated by such a person;
(c) prescribe documents which were provided to such a person in order to generate such documents.
(2) In sub-paragraph (1), “DVS-registered person” means a person who is registered in the DVS register maintained under Part 2 of the Data Protection and Digital Information Act 2024 (“the DVS register”).
(3) Regulations under paragraph 5(6)(b) or (c) which prescribe a description of DVS-registered person may do so by, for example, describing a DVS-registered person whose entry in the DVS register includes a note relating to prescribed services (see section (Supplementary notes) of the Data Protection and Digital Information Act 2024).””—(Sir John Whittingdale.)
This amendment contains amendments of powers to make subordinate legislation so they can be exercised so as to make provision by reference to persons registered in the DVS register established under Part 2 of the Bill.
Brought up, read the First and Second time, and added to the Bill.

New Clause 27 - Interface bodies

“(1) This section is about the provision that regulations under section 66 or 68 may (among other things) contain about bodies with one or more of the following tasks—
(a) establishing a facility or service used, or capable of being used, for providing, publishing or otherwise processing customer data or business data or for taking action described in section 66(3) (an “interface”);
(b) setting standards (“interface standards”), or making other arrangements (“interface arrangements”), for use by other persons when establishing, maintaining or managing an interface;
(c) maintaining or managing an interface, interface standards or interface arrangements.
(2) Such bodies are referred to in this Part as “interface bodies”.
(3) The regulations may—
(a) require a data holder, an authorised person or a third party recipient to set up an interface body;
(b) make provision about the type of body to be set up.
(4) In relation to an interface body (whether or not it is required to be set up by regulations under section 66 or 68), the regulations may—
(a) make provision about the body’s composition and governance;
(b) make provision requiring a data holder, an authorised person or a third party recipient to provide, or arrange for, assistance for the body;
(c) impose other requirements relating to the body on a person required to set it up or to provide, or arrange for, assistance for the body;
(d) make provision requiring the body to carry on all or part of a task described in subsection (1);
(e) make provision requiring the body to do other things in connection with its interface, interface standards or interface arrangements;
(f) make provision about how the body carries out its functions (such as, for example, provision about the body’s objectives or matters to be taken into account by the body);
(g) confer powers on the body for the purpose of monitoring use of its interface, interface standards or interface arrangements (“monitoring powers”) (and see section 71 for provision about enforcement of requirements imposed in exercise of those powers);
(h) make provision for the body to arrange for its monitoring powers to be exercised by another person;
(i) make provision about the rights of persons affected by the exercise of the body’s functions under the regulations, including (among other things)—
(i) provision about the review of decisions made in exercise of those functions;
(ii) provision about appeals to a court or tribunal;
(j) make provision about complaints, including provision requiring the body to implement procedures for the handling of complaints;
(k) make provision enabling or requiring the body to publish, or provide to a specified person, specified documents or information relating to its interface, interface standards or interface arrangements;
(l) make provision enabling or requiring the body to produce guidance about how it proposes to exercise its functions under the regulations, to publish the guidance and to provide copies to specified persons.
(5) The monitoring powers that may be conferred on an interface body include power to require the provision of documents or information (but such powers are subject to the  restrictions in section 72 as well as any restrictions included in the regulations).
(6) Examples of facilities or services referred to in subsection (1) include dashboard services, other electronic communications services and application programming interfaces.
(7) In subsection (4)(b) and (c), the references to assistance include actual or contingent financial assistance (such as, for example, a grant, loan, guarantee or indemnity or buying a company’s share capital).”—(Sir John Whittingdale.)
This new clause enables regulations under Part 3 to make provision about bodies providing facilities or services used for providing, publishing or processing customer data or business data, or setting standards or making other arrangements in connection with such facilities or services.
Brought up, read the First and Second time, and added to the Bill.

New Clause 28 - The FCA and financial services interfaces

“(1) The Treasury may by regulations make provision enabling or requiring the Financial Conduct Authority (“the FCA”) to make rules—
(a) requiring financial services providers described in the regulations to use a prescribed interface, or prescribed interface standards or interface arrangements, when providing or receiving customer data or business data which is required to be provided by or to the financial services provider by data regulations;
(b) requiring persons described in the regulations to use a prescribed interface, or prescribed interface standards or interface arrangements, when the person, in the course of a business, receives, from a financial services provider, customer data or business data which is required to be provided to the person by data regulations;
(c) imposing interface-related requirements on a description of person falling within subsection (2),
and such rules are referred to in this Part as “FCA interface rules”.
(2) The following persons fall within this subsection—
(a) an interface body linked to the financial services sector on which requirements are imposed by regulations made in reliance on section (Interface bodies);
(b) a person required by regulations made in reliance on section (Interface bodies) to set up an interface body linked to the financial services sector;
(c) a person who uses an interface, interface standards or interface arrangements linked to the financial services sector or who is required to do so by data regulations or rules made by virtue of regulations under subsection (1)(a) or (b).
(3) For the purposes of this section, requirements are interface-related if they relate to—
(a) the composition, governance or activities of an interface body linked to the financial services sector,
(b) an interface, interface standards or interface arrangements linked to the financial services sector, or
(c) the use of such an interface, such interface standards or such interface arrangements.
(4) For the purposes of this section—
(a) an interface body is linked to the financial services sector to the extent that its interface, interface standards or interface arrangements are linked to the financial service sector;
(b) interfaces, interface standards and interface arrangements are linked to the financial services sector to the extent that they are used, or intended to   be used, by financial services providers (whether or not they are used, or intended to be used, by other persons).
(5) The Treasury may by regulations make provision enabling or requiring the FCA to impose requirements on a person to whom FCA interface rules apply (referred to in this Part as “FCA additional requirements”) where the FCA considers it appropriate to impose the requirement—
(a) in response to a failure, or likely failure, by the person to comply with an FCA interface rule or FCA additional requirement, or
(b) in order to advance a purpose which the FCA is required to advance when exercising functions  conferred by regulations under this section (see section (The FCA and financial services interfaces: supplementary)(3)(a)).
(6) Regulations under subsection (5) may, for example, provide for the FCA to impose requirements by giving a notice or direction.
(7) The restrictions in section 72 apply in connection with FCA interface rules and FCA additional requirements as they apply in connection with regulations under this Part.
(8) In section 72 as so applied—
(a) the references in subsections (1)(b) and (8) to an enforcer include the FCA, and
(b) the references in subsections (3) and (4) to data regulations include FCA interface rules and FCA additional requirements.
(9) In this section—
“financial services provider” means a person providing financial services;
“prescribed” means prescribed in FCA interface rules.”—(Sir John Whittingdale.)
This new clause and new clause NC29 enable the Treasury, by regulations, to confer powers on the Financial Conduct Authority to impose requirements (by means of rules or otherwise) on interface bodies used by the financial services sector and on persons participating in, or using facilities and services provided by, such bodies.
Brought up, read the First and Second time, and added to the Bill.

New Clause 29 - The FCA and financial services interfaces: supplementary

“(1) This section is about provision that regulations under section (The FCA and financial services interfaces) may or must (among other things) contain.
(2) The regulations—
(a) may enable or require the FCA to impose interface-related requirements that could be imposed by regulations made in reliance on section (Interface bodies)(4) or (5), but
(b) may not enable or require the FCA to require a person to set up an interface body.
(3) The regulations must—
(a) require the FCA, so far as is reasonably possible, to exercise functions conferred by the regulations in a manner which is compatible with, or which advances, one or more specified purposes;
(b) specify one or more matters to which the FCA must have regard when exercising functions conferred by the regulations;
(c) if they enable or require the FCA to make rules, make provision about the procedure for making rules, including provision requiring such consultation with persons likely to be affected by the rules or representatives of such persons as the FCA considers appropriate.
(4) The regulations may—
(a) require the FCA to carry out an analysis of the costs and benefits that will arise if proposed rules are made or proposed changes are made to rules and make provision about what the analysis must include;
(b) require the FCA to publish rules or changes to rules and to provide copies to specified persons;
(c) make provision about the effect of rules, including provision about circumstances in which rules are void and circumstances in which a person is not to be taken to have contravened a rule;
(d) make provision enabling or requiring the FCA to modify or waive rules as they apply to a particular case;
(e) make provision about the procedure for imposing FCA additional requirements;
(f) make provision enabling or requiring the FCA to produce guidance about how it proposes to exercise its functions under the regulations, to publish the guidance and to provide copies to specified persons.
(5) The regulations may enable or require the FCA to impose the following types of requirement on a person as FCA additional requirements—
(a) a requirement to review the person’s conduct;
(b) a requirement to take remedial action;
(c) a requirement to make redress for loss or damage suffered by others as a result of the person’s conduct.
(6) The regulations may enable or require the FCA to make rules requiring a person falling within section (The FCA and financial services interfaces)(2)(b) or (c) to pay fees to an interface body for the purpose of meeting expenses incurred, or to be incurred, by such a body in performing duties, or exercising powers, imposed or conferred by regulations under this Part or by rules made by virtue of regulations under section (The FCA and financial services interfaces).
(7) Regulations made in reliance on subsection (6)—
(a) may enable rules to provide for the amount of a fee to be an amount which is intended to exceed the cost of the things in respect of which the fee is charged;
(b) must require rules to provide for the amount of a fee to be—
(i) a prescribed amount or an amount determined in accordance with the rules, or
(ii) an amount not exceeding such an amount;
(c) may enable or require rules to provide for the amount, or maximum amount, of a fee to increase at specified times and by—
(i) a prescribed amount or an amount determined in accordance with the rules, or
(ii) an amount not exceeding such an amount;
(d) if they enable rules to enable a person to determine an amount, must require rules to require the person to publish information about the amount and how it is determined;
(e) may enable or require rules to make provision about—
(i) interest on any unpaid amounts;
(ii) the recovery of unpaid amounts.
(8) In this section—
“interface-related” has the meaning given in section (The FCA and financial services interfaces);
“prescribed” means prescribed in FCA interface rules.
(9) The reference in subsection (5)(c) to making redress includes—
(a) paying interest, and
(b) providing redress in the form of a remedy or relief which could not be awarded in legal proceedings.”—(Sir John Whittingdale.)
See the explanatory statement for new clause NC28.
Brought up, read the First and Second time, and added to the Bill.

New Clause 30 - The FCA and financial services interfaces: penalties and levies

“(1) Subsections (2) and (3) are about the provision that regulations made by the Treasury under this Part providing for the FCA to enforce requirements under FCA interface rules may (among other things) contain in relation to financial penalties.
(2) The regulations may require or enable the FCA—
(a) to set the amount or maximum amount of, or of an increase in, a penalty imposed in respect of failure to comply with a requirement imposed by the FCA in exercise of a power conferred by regulations under section (The FCA and financial services interfaces) (whether imposed by means of FCA interface rules or an FCA additional requirement), or
(b) to set the method for determining such an amount.
(3) Regulations made in reliance on subsection (2)—
(a) must require the FCA to produce and publish a statement of its policy with respect to the amount of the penalties;
(b) may require the policy to include specified matters;
(c) may make provision about the procedure for producing the statement;
(d) may require copies of the statement to be provided to specified persons;
(e) may require the FCA to have regard to a statement published in accordance with the regulations.
(4) The Treasury may by regulations—
(a) impose, or provide for the FCA to impose, a levy on data holders, authorised persons or third party recipients for the purpose of meeting all or part of the expenses incurred, or to be incurred, during a period by the FCA, or by a person acting on the FCA’s behalf, in performing duties, or exercising powers, imposed or conferred on the FCA by regulations under section (The FCA and financial services interfaces), and
(b) make provision about how funds raised by means of the levy must or may be used.
(5) Regulations under subsection (4) may only provide for a levy in respect of expenses of the FCA to be imposed on persons that appear to the Treasury to be capable of being directly affected by the exercise of some or all of the functions conferred on the FCA by regulations under section (The FCA and financial services interfaces).
(6) Section 75(3) and (4) apply in relation to regulations under subsection (4) of this section as they apply in relation to regulations under section 75(1).”—(Sir John Whittingdale.)
This new clause enables the Treasury, by regulations, to confer power on the Financial Conduct Authority to set the amount of certain penalties. It also enables the Treasury to impose a levy in respect of expenses incurred by that Authority.
Brought up, read the First and Second time, and added to the Bill.

New Clause 31 - Liability in damages

“(1) The Secretary of State or the Treasury may by regulations provide that a person listed in subsection (2) is not liable in damages for anything done or omitted to be done in the exercise of functions conferred by regulations under this Part.
(2) Those persons are—
(a) a public authority;
(b) a member, officer or member of staff of a public authority;
(c) a person who could be held vicariously liable for things done or omitted by a public authority.
(3) Regulations under this section may not—
(a) make provision removing liability for an act or omission which is shown to have been in bad faith, or
(b) make provision so as to prevent an award of damages made in respect of an act or omission on the ground that the act or omission was unlawful as a result of section 6(1) of the Human Rights Act 1998.”— (Sir John Whittingdale.)
This new clause enables regulations under Part 3 to provide that certain persons are not liable in damages when exercising functions under such regulations.
Brought up, read the First and Second time, and added to the Bill.

New Clause 32 - Other data provision

“(1) This section is about cases in which subordinate legislation other than regulations under this Part contains provision described in section 66(1) to (3) or 68(1) to (2A) (“other data provision”).
(2) The regulation-making powers under this Part may be exercised so as to make, in connection with the other data provision, any provision that they could be exercised to make as part of, or in connection with, provision made under section 66(1) to (3) or 68(1) to (2A) that is equivalent to the other data provision.
(3) In this Part, references to “data regulations” include regulations made in reliance on subsection (2) to the extent that they make provision described in sections 66 to 70 or (Interface bodies).
(4) In this section, “subordinate legislation” has the same meaning as in the Interpretation Act 1978 (see section 21 of that Act).”—(Sir John Whittingdale.)
This new clause enables the regulation-making powers under Part 3 to be used to supplement existing subordinate legislation which requires customer data or business data to be provided to customers and others.
Brought up, read the First and Second time, and added to the Bill.

New Clause 33 - Duty to notify the Commissioner of personal data breach: time periods

“(1) In regulation 5A of the PEC Regulations (personal data breach)—
(a) in paragraph (2), after “delay” insert “and, where feasible, not later than 72 hours after having become aware of it”, and
(b) after paragraph (3) insert—
“(3A) Where notification under paragraph (2) is not made within 72 hours, it must be accompanied by reasons for the delay.”
(2) In Article 2 of Commission Regulation (EU) No 611/2013 of 24 June 2013 on the measures applicable to the notification of personal data breaches under Directive 2002/58/EC of the European Parliament and of the Council on privacy and electronic communications (notification to the Information Commissioner)—
(a) in paragraph 2—
(i) in the first subparagraph, for the words from “no” to “feasible” substitute “without undue delay and, where feasible, not later than 72 hours after having becoming aware of it”, and
(ii) in the second subparagraph, after “shall” insert “, subject to paragraph 3,”, and
(b) for paragraph 3 substitute—
“3. To the extent that the information set out in Annex 1 is not available to be included in the notification, it may be provided in phases without undue further delay.””—(Sir John Whittingdale.)
This adjusts the period within which the Information Commissioner must be notified of a personal data breach. It also inserts a duty (into the PEC Regulations) to give reasons for not notifying within 72 hours and adjusts the duty (in Commission Regulation (EU) No 611/2013) to provide accompanying information.
Brought up, read the First and Second time, and added to the Bill.

New Clause 34 - Power to require information for social security purposes

“In Schedule (Power to require information for social security purposes)—
(a) Part 1 amends the Social Security Administration Act 1992 to make provision about a power for the Secretary of State to obtain information for social security purposes;
(b) Part 2 amends the Social Security Administration (Northern Ireland) Act 1992 to make provision about a power for the Department for Communities to obtain information for such purposes;
(c) Part 3 makes related amendments of the Proceeds of Crime Act 2002.”—(Sir John Whittingdale.)
This new clause introduces a new Schedule NS1 which amends social security legislation to make provision about a new power for the Secretary of State or, in Northern Ireland, the Department for Communities, to obtain information for social security purposes.
Brought up, read the First and Second time, and added to the Bill.

New Clause 35 - Retention of information by providers of internet services in connection with death of child

“(1) The Online Safety Act 2023 is amended as follows.
(2) In section 100 (power to require information)—
(a) omit subsection (7);
(b) after subsection (8) insert—
“(8A) The power to give a notice conferred by subsection (1) does not include power to require processing of personal data that would contravene the data protection legislation (but in determining whether processing of personal data would do so, the duty imposed by the notice is to be taken into account).”
(3) In section 101 (information in connection with investigation into death of child)—
(a) before subsection (1) insert—
“(A1) Subsection (D1) applies if a senior coroner (in England and Wales), a procurator fiscal (in Scotland) or a coroner (in Northern Ireland) (“the investigating authority”)—
(a) notifies OFCOM that—
(i) they are conducting an investigation, or are due to conduct an investigation, in connection with the death of a child, and
(ii) they suspect that the child may have taken their own life, and
(b) provides OFCOM with the details in subsection (B1).
(B1) The details are—
(a) the name of the child who has died,
(b) the child’s date of birth,
(c) any email addresses used by the child (so far as the investigating authority knows), and
(d) if any regulated service has been brought to the attention of the investigating authority as being of interest in connection with the child’s death, the name of the service.
(C1) Where this subsection applies, OFCOM—
(a) must give a notice to the provider of a service within subsection (E1) requiring the provider to ensure the retention of information relating to the use of the service by the child who has died, and
(b) may give a notice to any other relevant person requiring the person to ensure the retention of information relating to the use of a service within subsection (E1) by that child.
(D1) The references in subsection (C1) to ensuring the retention of information relating to the child’s use of a service include taking all reasonable steps, without delay, to prevent the deletion of such information by the routine operation of systems or processes.
(E1) A service is within this subsection if it is—
(a) a regulated service of a kind described in regulations made by the Secretary of State, or
(b) a regulated service notified to OFCOM by the investigating authority as described in subsection (B1)(d).
(F1) A notice under subsection (C1) may require information described in that subsection to be retained only if it is information—
(a) of a kind which OFCOM have power to require under a notice under subsection (1) (see, in particular, subsection (2)(a) to (d)), or
(b) which a person might need to retain to enable the person to provide information in response to a notice under subsection (1) (if such a notice were given).
(G1) OFCOM must share with the investigating authority any information they receive in response to requirements mentioned in section 102(5A)(d) that are included in a notice under subsection (C1).”
(b) in subsection (3), for “power conferred by subsection (1) includes” substitute “powers conferred by this section include”;
(c) after subsection (5) insert—
“(5A) The powers to give a notice conferred by this section do not include power to require processing of personal data that would contravene the data protection legislation (but in determining whether processing of personal data would do so, the duty imposed by the notice is to be taken into account).”
(4) In section 102 (information notices)—
(a) in subsection (1), for “101(1)” substitute “101(C1) or (1)”;
(b) in subsection (3)—
(i) after “information notice” insert “under section 100(1) or 101(1)”,
(ii) omit “and” at the end of paragraph (c), and
(iii) after paragraph (c) insert—
“(ca) specify when the information must be provided (which may be on or by a specified date, within a specified period, or at specified intervals), and”;
(c) omit subsection (4);
(d) after subsection (5) insert—
“(5A) An information notice under section 101(C1) must—
(a) specify or describe the information to be retained,
(b) specify why OFCOM require the information to be retained,
(c) require the information to be retained for the period of one year beginning with the date of the notice,
(d) require the person to whom the notice is given—
(i) if the child to whom the notice relates used the service in question, to notify OFCOM by a specified date of steps taken to ensure the retention of information;
(ii) if the child did not use the service, or the person does not hold any information of the kind required, to notify OFCOM of that fact by a specified date, and
(e) contain information about the consequences of not complying with the notice.
(5B) If OFCOM give an information notice to a person under section 101(C1), they may, in response to information received from the investigating authority, extend the period for which the person is required to retain information by a maximum period of six months.
(5C) The power conferred by subsection (5B) is exercisable—
(a) by giving the person a notice varying the notice under section 101(C1) and stating the further period for which information must be retained and the reason for the extension;
(b) any number of times.”;
(e) after subsection (9) insert—
“(9A) OFCOM must cancel an information notice under section 101(C1) by notice to the person to whom it was given if advised by the investigating authority that the information in question no longer needs to be retained.”
(f) in subsection (10), after the definition of “information” insert—
““the investigating authority” has the same meaning as in section 101;”.
(5) In section 109 (offences in connection with information notices)—
(a) in subsection (2)(b), for “all reasonable steps” substitute “all of the steps that it was reasonable, and reasonably practicable, to take”;
(b) after subsection (6) insert—
“(6A) A person who is given an information notice under section 101(C1) commits an offence if—
(a) the person deletes or alters, or causes or permits the deletion or alteration of, any information required by the notice to be retained, and
(b) the person’s intention was to prevent the information being available, or (as the case may be) to prevent it being available in unaltered form, for the purposes of any official investigation into the death of the child to whom the notice relates.
(6B) For the purposes of subsection (6A) information has been deleted if it is irrecoverable (however that occurred).”
(6) In section 110 (senior managers’ liability: information offences)—
(a) after subsection (6) insert—
“(6A) An individual named as a senior manager of an entity commits an offence if—
(a) the entity commits an offence under section 109(6A) (deletion etc of information), and
(b) the individual has failed to take all reasonable steps to prevent that offence being committed.”;
(b) in subsection (7), for “or (6)” substitute “, (6) or (6A)”.
(7) In section 113 (penalties for information offences), in subsection (2)—
(a) for “(4) or (5)” substitute “(4), (5) or (6A)”;
(b) for “(5) or (6)” substitute “(5), (6) or (6A)”.
(8) In section 114 (co-operation and disclosure of information: overseas regulators), in subsection (7), omit the definition of “the data protection legislation”.
(9) In section 225 (Parliamentary procedure for regulations), in subsection (10), after paragraph (c) insert—
“(ca) regulations under section 101(E1)(a),”
(10) In section 236(1) (interpretation)—
(a) after the definition of “country” insert—
““the data protection legislation” has the same meaning as in the Data Protection Act 2018 (see section 3(9) of that Act);”;
(b) in the definition of “information notice”, for “101(1)” substitute “101(C1) or (1)”.
(11) In section 237 (index of defined terms), after the entry for “CSEA content” insert—

  

  “the data protection legislation
  section 236”.”

  

—(Sir John Whittingdale.)
This new clause amends the Online Safety Act 2023 to enable OFCOM to give internet service providers a notice requiring them to retain information in connection with an investigation by a coroner (or, in Scotland, procurator fiscal) into the death of a child suspected to have taken their own life. The new clause also creates related offences.
Brought up, read the First and Second time, and added to the Bill.

New Clause 36 - Retention of biometric data and recordable offences

“(1) Part 1 of the Counter-Terrorism Act 2008 (powers to gather and share information) is amended in accordance with subsections (2) to (10).
(2) In section 18A(3) (retention of material: general), after “recordable offence” insert “or recordable-equivalent offence”.
(3) Section 18E (supplementary provision) is amended in accordance with subsections (4) to (10).
(4) In subsection (1), after the definition of “recordable offence” insert—
““recordable-equivalent offence” means an offence under the law of a country or territory outside England and Wales and Northern Ireland where the act constituting the offence would constitute a recordable offence if done in England and Wales or Northern Ireland (whether or not the act constituted such an offence when the person was convicted);”.
(5) In subsection (3), in the words before paragraph (a), after “offence” insert “in England and Wales or Northern Ireland”.
(6) After subsection (5) insert—
“(5A) For the purposes of section 18A, a person is to be treated as having been convicted of an offence in a country or territory outside England and Wales and Northern Ireland if, in respect of such an offence, a court exercising jurisdiction under the law of that country or territory has made a finding equivalent to—
(a) a finding that the person is not guilty by reason of insanity, or
(b) a finding that the person is under a disability and did the act charged against the person in respect of the offence.”
(7) In subsection (6)(a)—
(a) after “convicted” insert “—
(i) ‘”, and
(b) after “offence,” insert “or
(ii) in a country or territory outside England and Wales and Northern Ireland, of a recordable-equivalent offence,”.
(8) In subsection (6)(b)—
(a) omit “of a recordable offence”, and
(b) for “a recordable offence, other than a qualifying offence” substitute “an offence, other than a qualifying offence or qualifying-equivalent offence”.
(9) In subsection (7), for “subsection (6)” substitute “this section”.
(10) After subsection (7) insert—
“(7A) In subsection (6), “qualifying-equivalent offence” means an offence under the law of a country or territory outside England and Wales and Northern Ireland where the act constituting the offence would constitute a qualifying offence if done in England and Wales or Northern Ireland (whether or not the act constituted such an offence when the person was convicted).”
(11) The amendments made by this section apply only in connection with the retention of section 18 material that is or was obtained or acquired by a law enforcement authority—
(a) on or after the commencement day, or
(b) in the period of 3 years ending immediately before the commencement day.
(12) Subsection (13) of this section applies where—
(a) at the beginning of the commencement day, a law enforcement authority has section 18 material which it obtained or acquired in the period of 3 years ending immediately before the commencement day,
(b) at a time before the commencement day (a “pre-commencement time”), the law enforcement authority was required by section 18(4) of the Counter-Terrorism Act 2008 to destroy the material, and
(c) at the pre-commencement time, the law enforcement authority could have retained the material under section 18A of the Counter-Terrorism Act 2008, as it has effect taking account of the amendments made by subsections (2) to (10) of this section, if those amendments had been in force.
(13) Where this subsection applies—
(a) the law enforcement authority is to be treated as not having been required to destroy the material at the pre-commencement time, but
(b) the material may not be used in evidence against the person to whom the material relates—
(i) in criminal proceedings in England and Wales, Northern Ireland or Scotland in relation to an offence where those proceedings, or other criminal proceedings in relation to the person and the offence, were instituted before the commencement day, or
(ii) in criminal proceedings in any other country or territory.
(14) In this section—
“the commencement day” means the day on which this Act is passed;
“law enforcement authority” has the meaning given by section 18E(1) of the Counter-Terrorism Act 2008;
“section 18 material” has the meaning given by section 18(2) of that Act.
(15) For the purposes of this section, proceedings in relation to an offence are instituted—
(a) in England and Wales, when they are instituted for the purposes of Part 1 of the Prosecution of Offences Act 1985 (see section 15(2) of that Act);
(b) in Northern Ireland, when they are instituted for the purposes of Part 2 of the Justice (Northern Ireland) Act 2002 (see section 44(1) and (2) of that Act);
(c) in Scotland, when they are instituted for the purposes of Part 3 of the Proceeds of Crime Act 2002 (see section 151(1) and (2) of that Act).”—(Sir John Whittingdale.)
This new clause enables a law enforcement authority to retain fingerprints and DNA profiles where a person has been convicted of an offence equivalent to a recordable offence in a jurisdiction outside England and Wales and Northern Ireland.
Brought up, read the First and Second time, and added to the Bill.

New Clause 37 - Retention of pseudonymised biometric data

“(1) Part 1 of the Counter-Terrorism Act 2008 (powers to gather and share information) is amended in accordance with subsections (2) to (6).
(2) Section 18A (retention of material: general) is amended in accordance with subsections (3) to (5).
(3) In subsection (1), for “subsection (5)” substitute “subsections (4) to (9)”.
(4) In subsection (4)(a), after “relates” insert “(a “pseudonymised form”)”.
(5) After subsection (6) insert—
“(7) Section 18 material which is not a DNA sample may be retained indefinitely by a law enforcement authority if—
(a) the authority obtains or acquires the material directly or indirectly from an overseas law enforcement authority,
(b) the authority obtains or acquires the material in a form which includes information which identifies the person to whom the material relates,
(c) as soon as reasonably practicable after obtaining or acquiring the material, the authority takes the steps necessary for it to hold the material in a pseudonymised form, and
(d) having taken those steps, the law enforcement authority continues to hold the material in a pseudonymised form.
(8) In a case where section 18 material is being retained by a law enforcement authority under subsection (7), if—
(a) the law enforcement authority ceases to hold the material in a pseudonymised form, and
(b) the material relates to a person who has no previous convictions or only one exempt conviction,
the material may be retained by the law enforcement authority until the end of the retention period specified in subsection (9).
(9) The retention period is the period of 3 years beginning with the date on which the law enforcement authority first ceases to hold the material in a pseudonymised form.”
(6) In section 18E(1) (supplementary provision)—
(a) in the definition of “law enforcement authority”, for paragraph (d) substitute—
“(d) an overseas law enforcement authority;”, and
(b) after that definition insert—
““overseas law enforcement authority” means a person formed or existing under the law of a country or territory outside the United Kingdom so far as exercising functions which—
(a) correspond to those of a police force, or
(b) otherwise involve the investigation or prosecution of offences;”.
(7) The amendments made by this section apply only in connection with the retention of section 18 material that is or was obtained or acquired by a law enforcement authority—
(a) on or after the commencement day, or
(b) in the period of 3 years ending immediately before the commencement day.
(8) Subsections (9) to (12) of this section apply where, at the beginning of the commencement day, a law enforcement authority has section 18 material which it obtained or acquired in the period of 3 years ending immediately before the commencement day.
(9) Where the law enforcement authority holds the material in a pseudonymised form at the beginning of the commencement day, the authority is to be treated for the purposes of section 18A(7)(c) and (d) of the Counter-Terrorism Act 2008 as having—
(a) taken the steps necessary for it to hold the material in a pseudonymised form as soon as reasonably practicable after obtaining or acquiring the material, and
(b) continued to hold the material in a pseudonymised form until the commencement day.
(10) Where the law enforcement authority does not hold the material in a pseudonymised form at the beginning of the commencement day, the authority is to be treated for the purposes of section 18A(7)(c) of the Counter-Terrorism Act 2008 as taking the steps necessary for it to hold the material in a pseudonymised form as soon as reasonably practicable after obtaining or acquiring the material if it takes those steps on, or as soon as reasonably practicable after, the commencement day.
(11) Subsection (12) of this section applies where, at a time before the commencement day (a “pre-commencement time”), the law enforcement authority was required by section 18(4) of the Counter-Terrorism Act 2008 to destroy the material but—
(a) at the pre-commencement time, the law enforcement authority could have retained the material under section 18A(7) to (9) of the Counter-Terrorism Act 2008 (as inserted by this section) if those provisions had been in force, or
(b) on or after the commencement day, the law enforcement authority may retain the material under those provisions by virtue of subsection (9) or (10) of this section.
(12) Where this subsection applies—
(a) the law enforcement authority is to be treated as not having been required to destroy the material at the pre-commencement time, but
(b) the material may not be used in evidence against the person to whom the material relates—
(i) in criminal proceedings in England and Wales, Northern Ireland or Scotland in relation to an offence where those proceedings, or other criminal proceedings in relation to the person and the offence, were instituted before the commencement day, or
(ii) in criminal proceedings in any other country or territory.
(13) In this section—
“the commencement day” , “law enforcement authority” and “section 18 material” have the meaning given in section (Retention of biometric data and recordable offences)(14);
“instituted” , in relation to proceedings, has the meaning given in section (Retention of biometric data and recordable offences)(15);
“in a pseudonymised form” has the meaning given by section 18A(4) and (10) of the Counter-Terrorism Act 2008 (as amended or inserted by this section).”—(Sir John Whittingdale.)
This new clause enables a law enforcement authority to retain fingerprints and DNA profiles where, as soon as reasonably practicable after acquiring or obtaining them, the authority takes the steps necessary for it to hold the material in a form which does not include information which identifies the person to whom the material relates.
Brought up, read the First and Second time, and added to the Bill.

New Clause 38 - Retention of biometric data from INTERPOL

“(1) Part 1 of the Counter-Terrorism Act 2008 (powers to gather and share information) is amended in accordance with subsections (2) to (4).
(2) In section 18(4) (destruction of national security material not subject to existing statutory restrictions), after “18A” insert “, 18AA”.
(3) After section 18A insert—
“18AA Retention of material from INTERPOL
(1) This section applies to section 18 material which is not a DNA sample where the law enforcement authority obtained or acquired the material as part of a request for assistance, or a notification of a threat, sent to the United Kingdom via INTERPOL’s systems.
(2) The law enforcement authority may retain the material until the National Central Bureau informs the authority that the request or notification has been cancelled or withdrawn.
(3) If the law enforcement authority is the National Central Bureau, it may retain the material until it becomes aware that the request or notification has been cancelled or withdrawn.
(4) In this section—
“INTERPOL” means the organisation called the International Criminal Police Organization - INTERPOL;
“the National Central Bureau” means the body appointed for the time being in accordance with INTERPOL’s constitution to serve as the United Kingdom’s National Central Bureau.
(5) The reference in subsection (1) to material obtained or acquired as part of a request or notification includes material obtained or acquired as part of a communication, sent to the United Kingdom via INTERPOL’s systems, correcting, updating or otherwise supplementing the request or notification.
18AB Retention of material from INTERPOL: supplementary
(1) The Secretary of State may by regulations amend section 18AA to make such changes as the Secretary of State considers appropriate in consequence of—
(a) changes to the name of the organisation which, when section 18AA was enacted, was called the International Criminal Police Organization - INTERPOL (“the organisation”),
(b) changes to arrangements made by the organisation which involve fingerprints or DNA profiles being provided to members of the organisation (whether changes to existing arrangements or changes putting in place new arrangements), or
(c) changes to the organisation’s arrangements for liaison between the organisation and its members or between its members.
(2) Regulations under this section are subject to affirmative resolution procedure.”
(4) In section 18BA(5)(a) (retention of further fingerprints), after “18A” insert “, 18AA”.
(5) Section 18AA of the Counter-Terrorism Act 2008 applies in relation to section 18 material obtained or acquired by a law enforcement authority before the commencement day (as well as material obtained or acquired on or after that day), except where the law enforcement authority was informed, or became aware, as described in subsection (2) or (3) of that section before the commencement day.
(6) Subsection (7) of this section applies where—
(a) at the beginning of the commencement day, a law enforcement authority has section 18 material,
(b) at a time before the commencement day (a “pre-commencement time”), the law enforcement authority was required by section 18(4) of the Counter-Terrorism Act 2008 to destroy the material, but
(c) at the pre-commencement time, the law enforcement authority could have retained the material under section 18AA of that Act (as inserted by this section) if it had been in force.
(7) Where this subsection applies—
(a) the law enforcement authority is to be treated as not having been required to destroy the material at the pre-commencement time, but
(b) the material may not be used in evidence against the person to whom the material relates—
(i) in criminal proceedings in England and Wales, Northern Ireland or Scotland in relation to an offence where those proceedings, or other criminal proceedings in relation to the person and the offence, were instituted before the commencement day, or
(ii) in criminal proceedings in any other country or territory.
(8) In this section—
“the commencement day” , “law enforcement authority” and “section 18 material” have the meaning given in section (Retention of biometric data and recordable offences)(14);
“instituted” , in relation to proceedings, has the meaning given in section (Retention of biometric data and recordable offences)(15).”—(Sir John Whittingdale.)
This new clause enables fingerprints and DNA profiles obtained as part of a request for assistance, or notification of a threat, from INTERPOL and held for national security purposes by a law enforcement authority to be retained until the authority is informed that the request or notification has been withdrawn or cancelled.
Brought up, read the First and Second time, and added to the Bill.

New Clause 39 - National Underground Asset Register

“(1) After section 106 of the New Roads and Street Works Act 1991 insert—

“Part 3A - National Underground Asset Register: England and Wales“Part 3A

The register
106A National Underground Asset Register
(1) The Secretary of State must keep a register of information relating to apparatus in streets in England and Wales.
(2) The register is to be known as the National Underground Asset Register (and is referred to in this Act as “NUAR”).
(3) NUAR must be kept in such form and manner as may be prescribed.
(4) The Secretary of State must make arrangements so as to enable any person who is required, by a provision of Part 3, to enter information into NUAR to have access to NUAR for that purpose.
(5) Regulations under subsection (3) are subject to the negative procedure.
106B Access to information kept in NUAR
(1) The Secretary of State may by regulations make provision in connection with making information kept in NUAR available—
(a) under a licence, or
(b) without a licence.
(2) The regulations may (among other things)—
(a) make provision about which information, or descriptions of information, may be made available;
(b) make provision about the descriptions of person to whom information may be made available;
(c) make provision for information to be made available subject to exceptions;
(d) make provision requiring or authorising the Secretary of State to adapt, modify or obscure information before making it available;
(e) make provision authorising all information kept in NUAR to be made available to prescribed descriptions of person under prescribed conditions;
(f) make provision about the purposes for which information may be made available;
(g) make provision about the form and manner in which information may be made available.
(3) The regulations may make provision about licences under which information kept in NUAR is made available, including—
(a) provision about the form of a licence;
(b) provision about the terms and conditions of a licence;
(c) provision for information to be made available under a licence for free or for a fee;
(d) provision about the amount of the fees, including provision for the amount of a fee to be an amount which is intended to exceed the cost of the things in respect of which the fee is charged;
(e) provision about how funds raised by means of fees must or may be used, including provision for funds to be paid to persons who are required, by a provision of Part 3, to enter information into NUAR.
(4) Except as otherwise prescribed and subject to section 106G, processing of information by the Secretary of State in exercise of functions conferred by or under section 106A or this section does not breach—
(a) any obligation of confidence owed by the Secretary of State, or
(b) any other restriction on the processing of information (however imposed).
(5) Regulations under this section are subject to the affirmative procedure.
Requirements for undertakers to pay fees and provide information
106C Fees payable by undertakers in relation to NUAR
(1) The Secretary of State may by regulations make provision requiring undertakers having apparatus in a street to pay fees to the Secretary of State for or in connection with the exercise by the Secretary of State of any function conferred by or under this Part.
(2) The regulations may—
(a) specify the amounts of the fees, or the maximum amounts of the fees, or
(b) provide for the amounts of the fees, or the maximum amounts of the fees, to be determined in accordance with the regulations.
(3) In making the regulations the Secretary of State must seek to secure that, so far as possible and taking one year with another, the income from fees matches the expenses incurred by the Secretary of State in, or in connection with, exercising functions conferred by or under this Part (including expenses not directly connected with the keeping of NUAR).
(4) Except where the regulations specify the amounts of the fees—
(a) the amounts of the fees must be specified by the Secretary of State in a statement, and
(b) the Secretary of State must—
(i) publish the statement, and
(ii) lay it before Parliament.
(5) Regulations under subsection (1) may make provision about—
(a) when a fee is to be paid;
(b) the manner in which a fee is to be paid;
(c) the payment of discounted fees;
(d) exceptions to requirements to pay fees;
(e) the refund of all or part of a fee which has been paid.
(6) Before making regulations under subsection (1) the Secretary of State must consult—
(a) such representatives of persons likely to be affected by the regulations as the Secretary of State considers appropriate, and
(b) such other persons as the Secretary of State considers appropriate.
(7) Subject to the following provisions of this section regulations under subsection (1) are subject to the affirmative procedure.
(8) Regulations under subsection (1) that only make provision of a kind mentioned in subsection (2) are subject to the negative procedure.
(9) But the first regulations under subsection (1) that make provision of a kind mentioned in subsection (2) are subject to the affirmative procedure.
106D Providing information for purposes of regulations under section 106C
(1) The Secretary of State may by regulations make provision requiring undertakers having apparatus in a street to provide information to the Secretary of State for either or both of the following purposes—
(a) assisting the Secretary of State in determining the provision that it is appropriate for regulations under section 106C(1) or a statement under section 106C(4) to make;
(b) assisting the Secretary of State in determining whether it is appropriate to make changes to such provision.
(2) The Secretary of State may by regulations make provision requiring undertakers having apparatus in a street to provide information to the Secretary of State for either or both of the following purposes—
(a) ascertaining whether a fee is payable by a person under regulations under section 106C(1);
(b) working out the amount of a fee payable by a person.
(3) Regulations under subsection (1) or (2) may require an undertaker to notify the Secretary of State of any changes to information previously provided under the regulations.
(4) Regulations under subsection (1) or (2) may make provision about—
(a) when information is to be provided (which may be at prescribed intervals);
(b) the form and manner in which information is to be provided;
(c) exceptions to requirements to provide information.
(5) Regulations under subsection (1) or (2) are subject to the negative procedure.
Monetary penalties
106E Monetary penalties
Schedule 5A makes provision about the imposition of penalties in connection with requirements imposed by regulations under sections 106C(1) and 106D(1) and (2).
Exercise of functions by third party
106F Arrangements for third party to exercise functions
(1) The Secretary of State may make arrangements for a prescribed person to exercise a relevant function of the Secretary of State.
(2) More than one person may be prescribed.
(3) Arrangements under this section may—
(a) provide for the Secretary of State to make payments to the person, and
(b) make provision as to the circumstances in which any such payments are to be repaid to the Secretary of State.
(4) In the case of the exercise of a function by a person authorised by arrangements under this section to exercise that function, any reference in this Part or in regulations under this Part to the Secretary of State in connection with that function is to be read as a reference to that person.
(5) Arrangements under this section do not prevent the Secretary of State from exercising a function to which the arrangements relate.
(6) Except as otherwise prescribed and subject to section 106G, the disclosure of information between the Secretary of State and a person in connection with the person’s entering into arrangements under this section or exercise of functions to which such arrangements relate does not breach—
(a) any obligation of confidence owed by the person making the disclosure, or
(b) any other restriction on the disclosure of information (however imposed).
(7) Regulations under this section are subject to the affirmative procedure.
(8) In this section “relevant function” means any function of the Secretary of State conferred by or under this Part (including the function of charging or recovering fees under section 106C) other than—
(a) a power to make regulations, or
(b) a function under section 106C(4) (specifying of fees etc).
Data protection
106G Data protection
(1) A duty or power to process information that is imposed or conferred by or under this Part does not operate to require or authorise the processing of personal data that would contravene the data protection legislation (but in determining whether processing of personal data would do so, that duty or power is to be taken into account).
(2) In this section—
“the data protection legislation” has the same meaning as in the Data Protection Act 2018 (see section 3(9) of that Act);
“personal data” has the same meaning as in that Act (see section 3(2) of that Act).
Supplementary provisions
106H Regulations under this Part
(1) In this Part “prescribed” means prescribed by regulations made by the Secretary of State.
(2) Regulations under this Part may make—
(a) different provision for different purposes;
(b) supplementary and incidental provision.
(3) Regulations under this Part are to be made by statutory instrument.
(4) Before making regulations under this Part the Secretary of State must consult the Welsh Ministers.
(5) Where regulations under this Part are subject to “the affirmative procedure” the regulations may not be made unless a draft of the statutory instrument containing them has been laid before and approved by a resolution of each House of Parliament.
(6) Where regulations under this Part are subject to “the negative procedure” the statutory instrument containing the regulations is subject to annulment in pursuance of a resolution of either House of Parliament.
(7) Any provision that may be made in regulations under this Part subject to the negative procedure may be made in regulations subject to the affirmative procedure.
106I Interpretation
(1) In this Part the following terms have the same meaning as in Part 3—
“apparatus” (see sections 89(3) and 105(1));
“in” (in a context referring to apparatus in a street) (see section 105(1));
“street” (see section 48(1) and (2));
“undertaker” (in relation to apparatus or in a context referring to having apparatus in a street) (see sections 48(5) and 89(4)).
(2) In this Part “processing” has the same meaning as in the Data Protection Act 2018 (see section 3(4) of that Act) and “process” is to be read accordingly.”
(2) In section 167 of the New Roads and Street Works Act 1991 (Crown application)—
(a) after subsection (4) insert—
“(4A) The provisions of Part 3A of this Act (National Underground Asset Register: England and Wales) bind the Crown.”;
(b) in subsection (5), for “(4)” substitute “(4) or (4A)”.
(3) Schedule (National Underground Asset Register: monetary penalties) to this Act inserts Schedule 5A into the New Roads and Street Works Act 1991 (monetary penalties).”—(Sir John Whittingdale.)
This amendment inserts Part 3A into the New Roads and Street Works Act 1991 which requires, and makes provision in connection with, the keeping of a register of information relating to apparatus in streets (to be called the National Underground Asset Register).
Brought up, read the First and Second time, and added to the Bill.

New Clause 40 - Information in relation to apparatus

“(1) The New Roads and Street Works Act 1991 is amended in accordance with subsections (2) to (6).
(2) For the italic heading before section 79 (records of location of apparatus) substitute “Duties in relation to recording and sharing of information about apparatus”.
(3) In section 79—
(a) for the heading substitute “Information in relation to apparatus”;
(b) in subsection (1), for paragraph (c) substitute—
“(c) being informed of its location under section 80(2),”;
(c) after subsection (1A) (as inserted by section 46(2) of the Traffic Management Act 2004) insert—
“(1B) An undertaker must, except in such cases as may be prescribed, record in relation to every item of apparatus belonging to the undertaker such other information as may be prescribed as soon as reasonably practicable after—
(a) placing the item in the street or altering its position,
(b) inspecting, maintaining, adjusting, repairing, altering or renewing the item,
(c) locating the item in the street in the course of executing any other works, or
(d) receiving any such information in relation to the item under section 80(2).”
(d) omit subsection (3);
(e) in subsection (3A) (as inserted by section 46(4) of the Traffic Management Act 2004)—
(i) for “to (3)” substitute “and (2A)”;
(ii) for “subsection (1)” substitute “this section”;
(f) after subsection (3A) insert—
“(3B) Before the end of the initial upload period an undertaker must enter into NUAR—
(a) all information that is included in the undertaker’s records under subsection (1) on the archive upload date, and
(b) any other information of a prescribed description that is held by the undertaker on that date.
(3C) Where an undertaker records information as required by subsection (1) or (1B), or updates such information, the undertaker must, within a prescribed period, enter the recorded or updated information into NUAR.
(3D) The duty under subsection (3C) does not apply in relation to information recorded or updated before the archive upload date.
(3E) A duty under subsection (3B) or (3C) does not apply in such cases as may be prescribed.
(3F) Information must be entered into NUAR under subsection (3B) or (3C) in such form and manner as may be prescribed.”
(g) in subsection (4)(a), omit “not exceeding level 5 on the standard scale”;
(h) after subsection (6) insert—
“(7) For the purposes of subsection (3B) the Secretary of State must by regulations—
(a) specify a date as “the archive upload date”, and
(b) specify a period beginning with that date as the “initial upload period”.
(8) For the meaning of “NUAR”, see section 106A.”
(4) For section 80 (duty to inform undertakers of location of apparatus) substitute—
“80 Duties to report missing or incorrect information in relation to apparatus
(1) Subsection (2) applies where a person executing works of any description in a street finds an item of apparatus belonging to an undertaker in relation to which prescribed information—
(a) is not entered in NUAR, or
(b) is entered in NUAR but is incorrect.
(2) The person must take such steps as are reasonably practicable to inform the undertaker to whom the item belongs of the missing or incorrect information.
(3) Where a person executing works of any description in a street finds an item of apparatus which does not belong to the person and is unable, after taking such steps as are reasonably practicable, to ascertain to whom the item belongs, the person must—
(a) if the person is an undertaker, enter into NUAR, in such form and manner as may be prescribed, prescribed information in relation to the item;
(b) in any other case, inform the street authority of that information.
(4) Subsections (2) and (3) have effect subject to such exceptions as may be prescribed.
(5) A person who fails to comply with subsection (2) or (3) commits an offence.
(6) A person who commits an offence under subsection (5) is liable on summary conviction to a fine not exceeding level 4 on the standard scale.
(7) Before making regulations under this section the Secretary of State must consult—
(a) such representatives of persons likely to be affected by the regulations as the Secretary of State considers appropriate, and
(b) such other persons as the Secretary of State considers appropriate.
(8) For the meaning of “NUAR”, see section 106A.”
(5) Before section 81 (duty to maintain apparatus) insert—
“Other duties and liabilities of undertakers in relation to apparatus”.
(6) In section 104 (regulations), after subsection (1) insert—
“(1A) Before making regulations under section 79 or 80 the Secretary of State must consult the Welsh Ministers.
(1B) Regulations under this Part may make supplementary or incidental provision.”
(7) In consequence of the provision made by subsection (4), omit section 47 of the Traffic Management Act 2004.”—(Sir John Whittingdale.)
This amendment amends the New Roads and Street Works Act 1991 so as to impose new duties on undertakers to keep records of, and share information relating to, apparatus in streets; and makes amendments consequential on those changes.
Brought up, read the First and Second time, and added to the Bill.

New Clause 41 - Pre-commencement consultation

“A requirement to consult under a provision inserted into the New Roads and Street Works Act 1991 by section (National Underground Asset Register) or (Information in relation to apparatus) may be satisfied by consultation before, as well as consultation after, the provision inserting that provision comes into force.”—(Sir John Whittingdale.)
This amendment provides that a requirement that the Secretary of State consult under a provision inserted into the New Roads and Street Works Act 1991 by the new clauses inserted by Amendments NC39 and NC40 may be satisfied by consultation undertaken before or after the provision inserting that provision comes into force.
Brought up, read the First and Second time, and added to the Bill.

New Clause 42 - Transfer of certain functions to  Secretary of State

“(1) The powers to make regulations under section 79(1) and (2) of the New Roads and Street Works Act 1991, so far as exercisable in relation to Wales, are transferred to the Secretary of State.
(2) The power to make regulations under section 79(1A) of that Act (as inserted by section 46(2) A42of the Traffic Management Act 2004), so far as exercisable in relation to Wales, is transferred to the Secretary of State.
(3) The Street Works (Records) (England) Regulations 2002 (S.I. 2002/3217) have effect as if the reference to England in regulation 1(2) were a reference to England and Wales.
(4) The Street Works (Records) (Wales) Regulations 2005  (S.I. 2005/1812) are revoked.”—(Sir John Whittingdale.)
This amendment provides that certain powers to make regulations under section 79 of the New Roads and Street Works Act 1991, so far as exercisable in relation to Wales, are transferred from the Welsh Ministers to the Secretary of State; and makes provision in relation to regulations already made under those powers.
Brought up, read the First and Second time, and added to the Bill.

Clause 5 - Lawfulness of processing

Amendment proposed: 11, page 7, line 12, at end insert—
““internal administrative purposes”, in relation to special category data, means the conditions set out for lawful processing in paragraph 1 of Schedule 1 of the Data Protection Act 2018.”—(Kate Osborne.)
This amendment clarifies that the processing of special category data in employment must follow established principles for reasonable processing, as defined by paragraph 1 of Schedule 1 of the Data Protection Act 2018.
Question put, That the amendment be made.

The House divided: Ayes 200, Noes 276.
Question accordingly negatived.

Clause 7 - Elected representatives responding to requests

Amendment made: 252, page 10, line 2, leave out Clause 7.—(Sir John Whittingdale.)
This amendment is consequential on NC48. Clause 7 amends words in paragraph 23(4) of Schedule 1 to the Data Protection Act 2018. That provision is repealed by the new Clause.

Clause 8 - Vexatious or excessive requests by data subjects

Amendment made: 17, page 12, line 2, leave out “after subsection (2)” and insert “before subsection (3)”.—(Sir John Whittingdale.)
This technical change is consequential on the amendment of section 94 of the Data Protection Act 2018 in the new clause inserted by Amendment NC7.
Amendment proposed: 224, page 18, line 7, leave out Clause 12—(Patrick Grady.)
Question put, That the amendment be made.

The House divided: Ayes 37, Noes 279.
Question accordingly negatived.

Clause 12 - Automated decision-making

Amendment proposed: 5, page 19, line 12, after “solely” insert “or partly”.—(Chris Bryant.)
Question put, That the amendment be made.

The House divided: Ayes 195, Noes 273.
Question accordingly negatived.

Clause 16 - Duty to keep records

Amendments made: 18, page 29, line 29, after first “of” insert “high risk”.
This amendment is consequential on Amendment 21.
Amendment 19, page 29, line 34, after “individuals” insert “(‘high risk processing’)”.
See the explanatory statement for Amendment 21.
Amendment 20, page 29, line 35, leave out “such” and insert “high risk”.
This amendment is consequential on Amendment 19.
Amendment 21, page 30, line 1, leave out “processing of personal data” and insert
“high risk processing that is being”.
This amendment, read with Amendment 19, provides that, in relation to processing of personal data to which the UK GDPR applies, controllers are only required to keep records of processing currently being carried out that is likely to result in a high risk to the rights and freedoms of individuals.
Amendment 22, page 30, leave out lines 4 and 5.
This amendment is consequential on Amendment 21.
Amendment 23, page 30, line 6, after “data” insert
“undergoing the high risk processing”.
This amendment is consequential on Amendment 21.
Amendment 24, page 30, line 8, leave out
“controller is processing the personal data”
and insert
“high risk processing is being carried out”.
This amendment and Amendments 25 and 26 are consequential on Amendment 21 and are also made for consistency with the reference in new Article 30A(2) of the UK GDPR to processing carried out on behalf of, as well as by, the controller.
Amendment 25, page 30, line 10, leave out from second “the” to “(including” in line 11 and insert
“personal data undergoing the high risk processing has been, or is intended to be, shared by or on behalf of the controller”.
See the explanatory statement for Amendment 24.
Amendment 26, page 30, line 13, leave out
“to retain the personal data”
and insert
“the high risk processing to be carried out”.
See the explanatory statement for Amendment 24.
Amendment 27, page 30, leave out lines 14 to 18 and insert—
“(e) whether the high risk processing includes processing described in Article 9(1) (processing of special categories of personal data) and, if so, which type of such processing, and
(f) whether the high risk processing includes processing described in Article 10(1) (processing of personal data relating to criminal convictions etc) and, if so, which type of such processing.”
This amendment is partly consequential on Amendment 21. It also adjusts the current wording of points (e) and (f) to reflect the terms of Articles 9(1) and 10(1).
Amendment 28, page 30, line 20, after “data” insert “undergoing high risk processing”.
This amendment is consequential on Amendment 21.
Amendment 29, page 30, line 21, leave out
“its processing of personal data”
and insert
“high risk processing that it is carrying out”.
This amendment, read with Amendment 19, provides that, in relation to processing of personal data to which the UK GDPR applies, processors are only required to keep records of processing currently being carried out that is likely to result in a high risk to the rights and freedoms of individuals.
Amendment 30, page 30, leave out lines 24 and 25.
This amendment is consequential on Amendment 29.
Amendment 31, page 30, line 27, leave out “acting” and insert
“carrying out high risk processing”.
This amendment is consequential on Amendment 29.
Amendment 32, page 30, line 28, after “data” insert
“undergoing the high risk processing”.
This amendment is consequential on Amendment 29.
Amendment 33, page 30, line 31, after “data” insert
“undergoing high risk processing”.
This amendment is consequential on Amendment 29.
Amendment 34, page 30, line 36, after “of” insert “high risk”.
This amendment is consequential on Amendments 21 and 29.
Amendment 35, page 31, line 9, after “data” insert “that is being”.
This amendment and Amendment 42 make clear that the duty to keep records of processing of personal data to which Part 3 of the Data Protection Act 2018 applies only to processing currently being carried out.
Amendment 36, page 31, leave out lines 11 and 12.
This amendment and Amendments 37, 38, 39 and 40 to provisions to be inserted in the Data Protection Act 2018 are for consistency with Amendments 22, 23, 24, 25 and 26 which amend provisions to be inserted in the UK GDPR.
Amendment 37, page 31, line 13, after “data” insert “undergoing the processing”.
See the explanatory statement for Amendment 36.
Amendment 38, page 31, line 15, leave out
“the controller is processing the personal data”
and insert
“the processing is being carried out”.
See the explanatory statement for Amendment 36.
Amendment 39, page 31, line 17, leave out from second “the” to “(including” in line 18 and insert
“personal data has been, or is intended to be, shared by or on behalf of the controller”.
See the explanatory statement for Amendment 36.
Amendment 40, page 31, line 20, leave out
“to retain the personal data”
and insert
“the personal data to be retained”.
See the explanatory statement for Amendment 36.
Amendment 41, page 31, leave out lines 22 and 23 and insert—
“(e) whether the processing of the personal data includes sensitive processing (as defined in section 35(8)) and, if so, which type of such processing.”
This technical amendment changes new section 61A(2)(e) of the Data Protection Act 2018 so that it makes provision by reference to “sensitive processing”, rather than to personal data described in section 35(8).
Amendment 42, page 31, line 26, leave out
“its processing of personal data”
and insert
“the processing that it is carrying out”.
See the explanatory statement for Amendment 35.
Amendment 43, page 31, leave out lines 29 and 30.
This amendment is proposed for consistency with the change proposed by Amendment 36.
Amendment 44, page 31, line 33, after “data” insert “undergoing the processing”.—(Sir John Whittingdale.)
This amendment is proposed for consistency with the change proposed by Amendment 37.

Clause 18 - Assessment of high risk processing

Amendment proposed: 1, page 32, line 18, leave out paragraph (c) and insert—
“(c) omit paragraph 2,
(ca) in paragraph 3—
(i) for “data protection” substitute “high risk processing”,
(ii) in sub-paragraph (a), for “natural persons” substitute “individuals”,
(iii) in sub-paragraph (a) for “natural person” substitute “individual” in both places where it occurs,
(cb) omit paragraphs 4 and 5,”.—(Sir Chris Bryant.)
This amendment would leave paragraph 3 of Article 35 of the UK GDPR in place (with amendments reflecting amendments made by the Bill elsewhere in the Article), thereby ensuring that there is a definition of “high risk processing” on the face of the Regulation.
Question put, That the amendment be made.

The House divided: Ayes 198, Noes 275.
Question accordingly negatived.

Clause 33 - Codes of practice: approval by the  Secretary of State

Amendment made: 45, page 56, line 23, leave out subsection (2) and insert—
“(2) After section 124C (inserted by section 32 of this Act) insert—
124D Secretary of State’s recommendations
(1) Where a code is prepared under section 121, 122, 123, 124 or 124A, the Commissioner must—
(a) submit what the Commissioner considers to be the final version to the Secretary of State, and
(b) publish it.
(2) Before the end of the period of 40 days beginning when the code is submitted to the Secretary of State, the Secretary of State must—
(a) decide whether to make recommendations relating to the code (whether about its content or about other matters),
(b) send any recommendations to the Commissioner in writing, and
(c) publish the recommendations.
(3) If the Secretary of State does not make recommendations, the Secretary of State must lay the code before Parliament.
(4) If the Secretary of State makes recommendations, the Commissioner must, before the end of the response period—
(a) consider the recommendations,
(b) decide whether to withdraw the code, and
(c) prepare and publish a document responding to the recommendations.
(5) In subsection (4), “the response period” means—
(a) the period of 40 days beginning when the recommendations are published, or
(b) such longer period as the Secretary of State and the Commissioner may agree.
(6) The document responding to the recommendations must—
(a) state whether the Commissioner accepts each recommendation,
(b) give reasons for accepting, or not accepting, each recommendation,
(c) state the steps that the Commissioner has taken, or proposes to take, in response to each recommendation,
(d) state whether the code is withdrawn, and
(e) where relevant, give reasons for not withdrawing the code.
(7) If the document states that the code is not withdrawn, the Secretary of State must lay the code before Parliament.
(8) The withdrawal of a code does not prevent the code being re-submitted to the Secretary of State under subsection (1), with or without modifications.
(9) This section applies in relation to amendments prepared under section 121, 122, 123, 124 or 124A as it applies in relation to codes prepared under those sections.
(10) In calculating the periods of 40 days mentioned in subsections (2) and (5), no account is to be taken of—
(a) Saturdays and Sundays,
(b) Christmas Day or Good Friday, or
(c) a day which is a bank holiday under the Banking and Financial Dealings Act 1971 in any part of the United Kingdom.””—(Sir John Whittingdale.)
This amendment provides that the Information Commissioner must consider recommendations from the Secretary of State about a code of practice before the code is laid before Parliament for approval (and removes provision included in the Bill which requires a code to be approved by the Secretary of State).

Clause 48 - Introductory

Amendments made: 46, page 76, line 32, at end insert—
“(aa) a list of recognised supplementary codes (see section (List of recognised supplementary codes)),”.
This amendment is consequential on Amendment NC12.
Amendment 47, page 77, line 3, at beginning insert—
“(3) In subsection (2),””.—(Sir John Whittingdale.)
This amendment is consequential on Amendment NC25.

Clause 49 - DVS trust framework

Amendments made: 48, page 77, line 11, leave out “setting out rules”.
This amendment is consequential on Amendment 49.
Amendment 49, page 77, line 12, at end insert—
“(1A) The document must—
(a) set out rules concerning the provision of digital verification services, and
(b) set out conditions to be met for rules concerning the provision of such services which supplement the rules set out in the document to be approved by the Secretary of State under section (Approval of a supplementary code) or designated by the Secretary of State under section (Designation of a supplementary code).”
This amendment requires the Secretary of State to set conditions for approval or designation of supplementary rules concerning the provision of digital verification services.
Amendment 50, page 77, line 13, leave out subsection (2) and insert—
“(2) In this Part—
(a) the document described in subsection (1) is referred to as the DVS trust framework;
(b) the rules set out in the document are referred to as the main code;
(c) a set of rules concerning the provision of digital verification services which supplement the main code is referred to as a supplementary code.”
This amendment sets out the meaning of terms used in the Part.
Amendment 51, page 77, line 24, leave out from second “framework,” to end of line 26 and insert
“must specify the time it comes into force (which must not be a time earlier than the time it is published).”
This amendment adjusts the time when the DVS trust framework (or revisions of it) may come into force.
Amendment 52, page 77, line 27, at end insert—
“(za) set different rules for different digital verification services,
(zb) set different conditions for approval or designation for different purposes,”.
This amendment enables the DVS trust framework to set different rules for different digital verification services and to set different conditions for approval or designation for different purposes.
Amendment 53, page 77, line 29, at end insert—
“(9) Subsection (10) applies where the Secretary of State revises and republishes the DVS trust framework and the revision includes an addition to, or alteration of, the main code.
(10) The DVS trust framework may provide that from a date, or from the end of a period, specified in the framework a pre-revision certificate is required to be ignored for the purposes of sections 50(4)(a), (Registration of additional services)(1)(c), 53(1)(c) and (Duty to remove services from the DVS register)(1)(c).
(11) In subsection (10), a “pre-revision certificate” means a certificate, certifying that digital verification services provided by the holder of the certificate are provided in accordance with the main code, which was issued before the time the relevant revision to the main code comes into force.”—(Sir John Whittingdale.)
This amendment, taken together with Amendment 78, replaces provision about “top-up certificates” with provision enabling the DVS trust framework to contain transitional provision about certificates issued before revisions to the main code come into force.

Clause 50 - DVS register

Amendments made: 54, page 78, line 4, leave out first “the”.
This amendment, together with Amendment 56, clarifies that a person may hold a certificate which covers a wider range of digital verification services than those for which the person applies to be registered.
Amendment 55, page 78, line 5, leave out “DVS trust framework” and insert “main code”.
This amendment is consequential on Amendment 50.
Amendment 56, page 78, line 6, after “of” insert “one or more of”.
See the explanatory statement for Amendment 54.
Amendment 57, page 78, line 11, at end insert—
“(4A) The register must record the digital verification services in respect of which a person is, from time to time, registered.”
This amendment requires the Secretary of State to record on the DVS register which digital verification services a person is registered in respect of.
Amendment 58, page 78, line 17, leave out “55” and insert “49(10)”.
This amendment is consequential on Amendments 78 and 53.
Amendment 59, page 78, line 18, leave out “section” and insert “Part,”.
This amendment is consequential on Amendment NC25.
Amendment 60, page 78, line 23, leave out “DVS trust framework” and insert “main code”.
This amendment is consequential on Amendment 50.
Amendment 61, page 78, line 23, at end insert—
“(8) In subsection (7)—”.—(Sir John Whittingdale.)
This amendment is consequential on Amendment NC25.

Clause 51 - Applications for registration

Amendments made: 62, page 78, line 34, leave out
“for registration in the DVS register”
and insert
“under section 50, (Registration of additional services), (Supplementary notes) or (Addition of services to supplementary notes)”.
This amendment provides for how an application is made to add additional services to the DVS register, to include a note in the DVS register or to add services to a note.
Amendment 63, page 78, line 35, leave out
“an application for registration in that register”
and insert “the application”.
This amendment is consequential on Amendment 62.
Amendment 64, page 78, line 37, leave out
“an application for registration in that register”
and insert “the application”.
This amendment is consequential on Amendment 62.
Amendment 65, page 78, line 39, leave out
“an application for registration in that register”
and insert “the application”.—(Sir John Whittingdale.)
This amendment is consequential on Amendment 62.

Clause 52 - Fees for registration

Amendments made: 66, page 79, line 5, leave out
“applies for registration in the DVS register”
and insert
“makes an application under section 50, (Registration of additional services), (Supplementary notes) or (Addition of services to supplementary notes)”.
This amendment enables the Secretary of State to charge fees for applications to add services to the DVS register, to include a note in the DVS register or to add services to a note.
Amendment 67, page 79, line 9, leave out “an application for registration” and insert “the application”.
This amendment is consequential on Amendment 66.
Amendment 68, page 79, line 16, after “summarily” insert “(or, in Scotland, recoverable)”.—(Sir John Whittingdale.)
This amendment is to ensure that the provision about recovery of fees also works for recovery in Scotland.

Clause 53 - Duty to remove person from the DVS register

Amendments made: 69, page 79, line 26, after “provide” insert “all of the”.
This amendment clarifies that a duty to remove a person from the DVS register arises only if the person no longer provides any digital verification services in respect of which they are registered.
Amendment 70, page 79, line 29, leave out
“those digital verification services are”
and insert
“at least one of those digital verification services is”.
This amendment clarifies that a person may have a certificate covering a wider range of digital verification services than those in respect of which they are registered.
Amendment 71, page 79, line 30, leave out “DVS trust framework” and insert “main code”.
This amendment is consequential on Amendment 50.
Amendment 72, page 79, line 35, leave out “55” and insert “49(10)”.
This amendment is consequential on Amendments 78 and 53.
Amendment 73, page 79, line 36, leave out subsection (3). —(Sir John Whittingdale.)
This amendment is consequential on Amendment 59.

Clause 54 - Power to remove person from the DVS register

Amendments made: 74, page 80, line 2, leave out
“the Secretary of State is satisfied that”.
This amendment is consequential on Amendment 76.
Amendment 75, page 80, line 4, leave out paragraph (a) and insert—
“(a) the Secretary of State is satisfied that the person is failing to comply with the main code when providing one or more of the digital verification services in respect of which the person is registered,”.
This amendment is in part consequential on Amendment 76 and also to clarify that the power to remove a person from the DVS register is exercisable if the person is failing to comply with the main code when providing some or all of the digital verification services in respect of which they are registered.
Amendment 76, page 80, line 6, at end insert—
“(aa) the person has a supplementary note included in the DVS register and the Secretary of State is satisfied that the person is failing to comply with the supplementary code to which the note relates when providing one or more of the digital verification services recorded in the note, or”.
The amendment enables the Secretary of State to remove a person from the DVS register if the person has a note in the register that they provide digital verification services in accordance with a supplementary code and they are failing to comply with the code when providing digital verification services.
Amendment 77, page 80, line 7, after the first “the” insert
“Secretary of State is satisfied that the”.—(Sir John Whittingdale.)
This amendment is consequential on Amendment 76.

Clause 55 - Revising the DVS trust framework:  top-up certificates

Amendment made: 78, page 81, line 8, leave out clause 55.—(Sir John Whittingdale.)
This amendment is consequential on Amendment 53.

Clause 56 - Power of public authority to disclose information to registered person

Amendment made: 79, page 82, line 19, leave out from “person” to end of line and insert “whose functions—
(a) are of a public nature, or
(b) include functions of that nature.”—(Sir John Whittingdale.)
This amendment clarifies that a “public authority” means persons whose functions are entirely, or partly, functions of a public nature.

Clause 60 - Code of practice about the  disclosure of information

Amendment made: 80, page 85, line 25, leave out from “person” to end of line 26 and insert
“whose functions—
(a) are of a public nature, or
(b) include functions of that nature.”—(Sir John Whittingdale.)
This amendment clarifies that a “public authority” means persons whose functions are entirely, or partly, functions of a public nature.

Clause 62 - Power of Secretary of State to require information

Amendment made: 81, page 87, leave out lines 16 and 17.—(Sir John Whittingdale.)
This amendment is consequential on Amendment 59.

Clause 65 - Customer data and business data

Amendments made: 82, page 88, line 13, leave out from “about” to end of line 15 and insert “—
(i) where goods, services or digital content are supplied or provided,
(ii) prices or other terms on which they are supplied or provided,
(iii) how they are used, or
(iv) their performance or quality),”.
This amendment adds a reference to information about how goods, services or digital content supplied or provided by a trader are used to the examples given in paragraph (b) of the definition of “business data”.
Amendment 83, page 88, line 17, after “content” insert
“(or their supply or provision)”.
This amendment makes clear that a reference to feedback about goods, services or digital content includes feedback about their supply or provision.
Amendment 84, page 88, line 18, leave out “business data” and insert
“information described in paragraphs (a) to (c)”.
This is a technical amendment to avoid the definition of “business data” relying on that label.
Amendment 85, page 88, line 22, leave out paragraph (a) and insert—
“(a) information relating to goods, services and digital content supplied or provided by the trader to the customer or to another person at the customer’s request (such as, for example, information about—
(i) prices or other terms on which goods, services or digital content are supplied or provided to the customer or the other person,
(ii) how they are used by the customer or the other person, or
(iii) their performance or quality when used by the customer or the other person), and”.
This amendment of the definition of “customer data” removes a reference to information relating to transactions and replaces it with a reference to a wider range of information.
Amendment 86, page 88, line 24, leave out “customer data” and insert
“information described in paragraph (a), or of other information relating to a customer of a trader,”.
This is a technical amendment to avoid the definition of “customer data” relying on that label.
Amendment 87, page 88, line 30, at end insert
“(and see section (Other data provision))”.
This amendment is consequential on Amendment NC32.
Amendment 88, page 88, line 37, leave out from “time” to end of line 40 and insert “—
(i) purchased goods, services or digital content supplied or provided by T (whether for use by C or another person),
(ii) been supplied or provided by T with goods, services or digital content purchased from T by another person, or
(iii) otherwise received goods, services or digital content free of charge from T, and
(b) C purchased or received the goods, services or digital content—”.
This amendment makes clear that a person who receives, from a trader, goods, services or digital services purchased by another person is a customer of the trader for the purposes of Part 3 of the Bill.
Amendment 89, page 89, line 4, leave out
“(3)(a), the references to purchase”
and insert
“(3), the references to purchase, supply, provision”.
This amendment is consequential on Amendment 88.
Amendment 90, page 89, line 5, after “purchase” insert “, supply, provision”.
This amendment is consequential on Amendment 88.
Amendment 91, page 89, line 6, at end insert—
“(4A) In subsections (3) and (4), references to purchasing goods, services or digital content include entering into an agreement to do so.”
This amendment makes clear that certain references to purchasing goods etc including entering into an agreement to do so.
Amendment 92, page 89, line 8, at end insert “(however expressed)”.
This amendment is consequential on Amendments 84 and 86.
Amendment 93, page 89, line 12, at end insert “(however expressed)”.—(Sir John Whittingdale.)
This amendment is consequential on Amendments 84 and 86.

Clause 66 - Power to make provision in connection with customer data

Amendment made: 94, page 89, line 32, leave out from beginning to “in” and insert
“take, on the customer’s behalf, action that the customer could take”.—(Sir John Whittingdale.)
This amendment replaces a reference to an authorised person (in relation to customer data) exercising a customer’s rights with a reference to an authorised person taking action that the customer could take, in order to cover cases in which taking such action does not involve exercising the customer’s rights.

Clause 67 - Customer data: supplementary

Amendments made: 95, page 90, line 12, leave out
“or conditions imposed by a specified person”.
This amendment and Amendment 119 remove unnecessary words. The definition of “specified” (in clause 81) enables regulations under Part 3 to specify a description of condition, such as a condition imposed by a particular person.
Amendment 96, page 90, line 18, leave out “exercising of customers’ rights” and insert
“taking of action described in section 66(3)”.
This amendment is consequential on Amendment 94.
Amendment 97, page 90, line 19, leave out “customer data to be provided” and insert
“a data holder to provide customer data”.
This amendment makes clear that what is being referred to is the provision of data by a data holder.
Amendment 98, page 90, line 21, leave out “the use of” and insert
“a data holder, customer or authorised person to use”.
This amendment makes clear that what is being referred to is the use of facilities and services by data holders, customers or authorised persons.
Amendment 99, page 90, line 23, leave out “programme” and insert “programming”.
This amendment is consequential on Amendment 189.
Amendment 100, page 90, line 24, leave out
“to participate in, or comply with, arrangements”
and insert
“or authorised person to comply with specified standards, or participate in specified arrangements,”.
This amendment makes clear that data holders and authorised persons may be required to comply with particular standards, or participate in particular arrangements, in connection with the provision of customer data.
Amendment 101, page 90, line 27, after “holder” insert “or authorised person”.
This amendment enables regulations under Part 3 to require an authorised person to provide assistance in connection with facilities or services used to provide customer data.
Amendment 102, page 90, line 27, after “for,” insert “specified”.
This amendment makes clear that regulations under Part 3 may require a data holder to provide, or arrange for, particular assistance.
Amendment 103, page 90, line 29, at end insert—
“(e) provision about interface bodies (see section (Interface bodies)).”
This amendment is consequential on new clause NC27.
Amendment 104, page 91, line 1, leave out “the use of” and insert
“an authorised person to use”.
This amendment makes clear that what is being referred to is the use of facilities and services by authorised persons.
Amendment 105, page 91, line 3, leave out “programme” and insert “programming”.
This amendment is consequential on Amendment 189.
Amendment 106, page 91, line 4, leave out from “requiring” to “for” in line 5 and insert
“an authorised person to comply with specified standards, or participate in specified arrangements,”.
This amendment makes clear that an authorised person may be required to comply with particular standards, or participate in particular arrangements, in connection with the processing of customer data.
Amendment 107, page 91, line 7, leave out “the” and insert “an”.
This amendment is consequential on Amendment 106.
Amendment 108, page 91, line 8, at beginning insert “specified”.
This amendment makes clear that regulations under Part 3 may require an authorised person to provide, or arrange for, particular assistance.
Amendment 109, page 91, line 9, at end insert—
“(ca) provision about interface bodies (see section (Interface bodies));”.
This amendment is consequential on new clause NC27.
Amendment 110, page 91, line 24, leave out “, authorised persons or decision-makers” and insert “or authorised persons”.
This amendment is consequential on Amendment 140, which inserts separate provision about decision-makers’ procedures for handling complaints.
Amendment 111, page 91, line 34, at end insert—
“(11) In subsections (4)(d) and (7)(c), references to assistance include actual or contingent financial assistance (such as, for example, a grant, loan, guarantee or indemnity or buying a company’s share capital).”—(Sir John Whittingdale.)
This amendment makes clear that certain references to assistance in connection with the establishment, maintenance or management of facilities or services for the provision of data include financial assistance.

Clause 68 - Power to make provision in connection with business data

Amendments made: 112, page 91, line 38, leave out “on request”.
This amendment enables regulations under Part 3 to require a data holder to provide business data without a request being made.
Amendment 113, page 91, line 39, after “trader” insert
“to whom the business data relates”.
This amendment makes clear which trader is being referred to.
Amendment 114, page 91, line 40, leave out “(a “third party recipient”)”.
This amendment is consequential on Amendment 115.
Amendment 115, page 91, line 40, at end insert—
“(1A) In this Part, “third party recipient” means a person to whom a data holder is required to provide business data by virtue of provision made under subsection (1)(b).”
This amendment inserts a definition of “third party recipient”.
Amendment 116, page 91, line 43, at end insert—
“(2A) The Secretary of State or the Treasury may by regulations—
(a) make provision requiring a public authority that is a third party recipient (whether by virtue of those regulations or other data regulations), or a person appointed by such a public authority, to publish business data or to provide business data—
(i) to a customer of the trader to whom the business data relates, or
(ii) to another person of a specified description,
(b) in relation to the public authority, or a person appointed by the public authority to do something described in paragraph (a), make any provision that could be made in relation to a data holder, in connection with business data, in reliance on subsection (2) or sections 69 to 78, other than provision imposing a levy on the public authority or person, and
(c) in relation to a person to whom the public authority is required to provide business data by virtue of provision made under paragraph (a)(ii), make any provision that could be made in relation to a third party recipient in reliance on sections 69 to 78.”—(Sir John Whittingdale.)
This amendment enables regulations under Part 3 to make, in relation to a public authority to whom business data is provided in accordance with such regulations, the same provision that regulations may make in relation to data holders (other than provision imposing a levy on the authority).

Clause 69 - Business data: supplementary

Amendments made: 117, page 92, line 14, leave out
“make provision about requests for business data”
and insert
“require business data to be provided on request and make provision about requests”.
This amendment is consequential on Amendment 112.
Amendment 118, page 92, line 21, leave out
“persons approved to receive it (“approved persons”)”
and insert
“customers, or third party recipients, who are approved to receive it”.
This amendment removes an unnecessary label (“approved persons”).
Amendment 119, page 92, line 23, leave out
“or conditions imposed by a specified person”.
See the explanatory statement for Amendment 95.
Amendment 120, page 92, line 30, leave out
“business data to be provided or published”
and insert
“a data holder to provide or publish business data”.
This amendment makes clear that what is being referred to is the provision or publication of data by a data holder.
Amendment 121, page 92, line 32, leave out “the use of” and insert
“a data holder, customer or third party recipient to use”.
This amendment makes clear that what is being referred to is the use of facilities and services by data holders, customers or third party recipients.
Amendment 122, page 92, line 34, leave out “programme” and insert “programming”.
This amendment is consequential on Amendment 189.
Amendment 123, page 92, line 35, leave out
“to participate in, or comply with, arrangements”
and insert
“or third party recipient to comply with specified standards, or participate in specified arrangements,”.
This amendment makes clear that data holders and third party recipients may be required to comply with particular standards, or participate in particular arrangements, in connection with the provision or publication of business data.
Amendment 124, page 92, line 38, after “holder” insert “or third party recipient”.
This amendment enables regulations under Part 3 to require a third party recipient to provide assistance in connection with facilities or services used to provide or publish business data.
Amendment 125, page 92, line 38, after “for,” insert “specified”.
This amendment makes clear that regulations under Part 3 may require a data holder to provide, or arrange for, particular assistance.
Amendment 126, page 92, line 40, at end insert—
“(e) provision about interface bodies (see section (Interface bodies)).”
This amendment is consequential on new clause NC27.
Amendment 127, page 93, line 11, leave out “person” and insert “third party recipient”.
This amendment limits the power under clause 69(7) to make provision about the processing of business data to power to make provision about processing by third party recipients.
Amendment 128, page 93, line 12, leave out “the use of” and insert
“a third party recipient to use”.
This amendment makes clear that what is being referred to is the use of facilities and services by third party recipients.
Amendment 129, page 93, line 14, leave out “programme” and insert “programming”.
This amendment is consequential on Amendment 189.
Amendment 130, page 93, line 15, leave out from “requiring” to “for” in line 16
“a third party recipient to comply with specified standards, or participate in specified arrangements,”.
This amendment makes clear that a third party recipient may be required to comply with particular standards, or participate in particular arrangements, in connection with the processing of business data.
Amendment 131, page 93, line 18, leave out “the person” and insert “a third party recipient”.
This amendment is consequential on Amendment 127.
Amendment 132, page 93, line 18, after “for,” insert “specified”.
This amendment makes clear that regulations under Part 3 may require a person to provide, or arrange for, particular assistance.
Amendment 133, page 93, line 20, at end insert—
“(ca) provision about interface bodies (see section (Interface bodies));”.
This amendment is consequential on new clause NC27.
Amendment 134, page 93, line 26, leave out “an approved person” and insert “a third party recipient”.
This amendment is consequential on Amendment 118.
Amendment 135, page 93, line 28, leave out “approved person” and insert “third party recipient”.
This amendment is consequential on Amendment 118.
Amendment 136, page 93, line 31, leave out “decision-makers” and insert “third party recipients”.
This amendment enables regulations under Part 3 to require third party recipients to implement procedures for handling complaints. It is also consequential on Amendment 140, which inserts separate provision about decision-makers’ procedures for handling complaints.
Amendment 137, page 93, line 41, at end insert—
“(11) In subsections (4)(d) and (7)(c), references to assistance include actual or contingent financial assistance (such as, for example, a grant, loan, guarantee or indemnity or buying a company’s share capital).”—(Sir John Whittingdale.)
This amendment makes clear that certain references to assistance in connection with the establishment, maintenance or management of facilities or services for the provision of data include financial assistance.

Clause 70 - Decision-makers

Amendments made: 138, page 94, line 12, leave out from beginning to “include” and insert
“The monitoring powers that may be conferred on a decision-maker”.
This tidies up the drafting of provision referring to a decision-maker’s monitoring powers.
Amendment 139, page 94, line 13, after “of” insert “documents or”.
This amendment makes clear that regulations under Part 3 may confer powers on decision-makers to require documents (as well as information) to be provided.
Amendment 140, page 94, line 20, at end insert—
“(6A) The regulations may make provision about complaints, including provision requiring a decision-maker to implement procedures for the handling of complaints.”
This amendment enables regulations under Part 3 to require decision-makers to have procedures for handling complaints.
Amendment 141, page 94, line 22, after second “specified” insert “documents or”.
This amendment makes clear that regulations under Part 3 may impose duties on decision-makers to publish or provide documents (as well as information).
Amendment 142, page 94, line 25, leave out
“carried out by a specified person”
and insert “exercised by another person”.
This amendment and Amendment 153 make drafting changes for consistency with other provisions in Part 3 of the Bill which refer to powers being exercised.
Amendment 143, page 94, line 38, leave out “to produce and publish” and insert “—
(a) to produce”.
See the explanatory statement for Amendment 144.
Amendment 144, page 94, line 41, at end insert—
“(b) to publish the guidance, and
(c) to provide copies to specified persons.”—(Sir John Whittingdale.)
This amendment and Amendment 143 make clear that regulations under Part 3 may require a decision-maker to provide copies of its guidance.

Clause 71 - Enforcement of data regulations

Amendments made: 145, page 95, leave out lines 4 to 7 and insert—
“(a) for the purpose of monitoring compliance with data regulations or requirements imposed in exercise of a power conferred by regulations under this Part, and
(b) for the enforcement of data regulations or such requirements,”
including provision for monitoring or enforcement by a specified public authority (an “enforcer”).”
This amendment makes clear that an enforcer’s powers may include powers to monitor, as well as enforce, requirements.
Amendment 146, page 95, line 11, after “of” insert “documents or”.
This amendment makes clear that regulations under Part 3 may confer powers on enforcers to require documents (as well as information) to be provided.
Amendment 147, page 95, line 11, after “information,” insert—
“(aa) powers to require an individual to attend at a place and answer questions,”.
This amendment enables regulations under Part 3 to confer power on an enforcer to require people to answer questions in interviews.
Amendment 148, page 95, line 28, after “regulations” insert
“, a requirement imposed in exercise of a power conferred by regulations under this Part”.
This amendment enables regulations under Part 3 to confer power on an enforcer to publicly censure a person who fails to comply with a requirement imposed on them in exercise of power conferred by such regulations.
Amendment 149, page 95, line 29, leave out from “with” to second “in” in line 30 and insert
“an unlimited fine, or a fine not exceeding a specified amount,”.
This amendment removes words which are unnecessary given the definition of “specified” (in clause 81), which refers to matters specified in regulations under Part 3. See also amendment 195 (which amends that definition).
Amendment 150, page 95, line 34, at end insert “, an interface body”.
This amendment enables regulations under Part 3 to create an offence in respect of an act or omission which prevents an interface body (see new clause NC27) from accessing information, documents, equipment or other material.
Amendment 151, page 95, line 41, at end insert—
“(ba) a failure to comply with a requirement imposed in exercise of a power conferred by regulations under this Part;”.
This amendment enables regulations under Part 3 to provide for a financial penalty to be imposed for a failure to comply with a requirement imposed in exercise of a power conferred by such regulations.
Amendment 152, page 96, line 13, leave out “enforcement under the regulations” and insert
“monitoring or enforcement described in subsection (1)”.
This amendment is consequential on Amendment 145.
Amendment 153, page 96, line 18, leave out
“carried out by a specified person”
and insert “exercised by another person”.
See the explanatory statement for Amendment 142.
Amendment 154, page 96, line 28, leave out “to produce and publish” and insert “—
(a) to produce”.
See the explanatory statement for Amendment 155.
Amendment 155, page 96, line 31, at end insert—
“(b) to publish the guidance, and
(c) to provide copies to specified persons.”—(Sir John Whittingdale.)
This amendment and Amendment 154 make clear that regulations under Part 3 may require an enforcer to provide copies of its guidance.

Clause 72 - Restrictions on powers of investigation etc

Amendments made: 156, page 96, line 37, after “decision-maker” insert “, an interface body”.
This amendment and Amendment 157 are consequential on new clause NC27, which enables regulations under Part 3 to confer monitoring powers (including powers to require information and documents to be provided) on interface bodies.
Amendment 157, page 97, line 29, after “decision-maker” insert “, an interface body”—(Sir John Whittingdale.)
See the explanatory statement for Amendment 156.

Clause 73 - Financial penalties

Amendments made: 158, page 98, line 5, leave out subsection (2) and insert—
“(2) The regulations must provide for the amount of a financial penalty to be—
(a) a specified amount or an amount determined in accordance with the regulations, or
(b) an amount not exceeding such an amount,
unless section (The FCA and financial services interfaces: penalties and levies) confers power to provide otherwise.”
This amendment makes clear that regulations under Part 3 may specify the maximum amount of a financial penalty (or a method for determining that) instead of specifying the amount itself (or a method for determining that). It is also consequential on new clause NC30.
Amendment 159, page 98, line 8, leave out “issue” and insert “produce”.
See the explanatory statement for Amendment 160.
Amendment 160, page 98, line 11, at end insert—
“(aa) requiring an enforcer to publish the guidance and to provide copies to specified persons;”.
This amendment and Amendment 159 make clear that regulations under Part 3 may require an enforcer to provide copies of its guidance.
Amendment 161, page 98, line 27, leave out “circumstances specified in the regulations” and insert “specified circumstances”.
This amendment simplifies some wording which relies on the definition of “specified” in clause 81.
Amendment 162, page 98, line 29, leave out from “increased” to end of line 31 and insert “in the event of late payment by—
(i) a specified amount or an amount determined in accordance with the regulations, or
(ii) an amount not exceeding such an amount;”.—(Sir John Whittingdale.)
This amendment makes clear that regulations under Part 3 may specify the maximum amount by which a financial penalty may be increased in the event of late payment.

Clause 74 - Fees

Amendments made: 163, page 99, line 3, at end insert—
“(ba) interface bodies;”.
This amendment provides that regulations under Part 3 may make provision enabling interface bodies (see new clause NC27) to charge fees for performing duties, or exercising powers, imposed or conferred by such regulations.
Amendment 164, page 99, line 20, leave out subsection (5) and insert—
“(5) Regulations under subsection (1) may provide for the amount, or maximum amount, of a fee to increase at specified times and by—
(a) a specified amount or an amount determined in accordance with the regulations, or
(b) an amount not exceeding such an amount.”— (Sir John Whittingdale.)
This amendment makes clear that regulations under Part 3 may specify the maximum amount by which fees may be increased.

Clause 75 - Levy

Amendments made: 165, page 99, line 32, leave out “body” and insert “authority”.
This amendment is consequential on Amendment 193.
Amendment 166, page 99, line 33, after “holders” insert
“, authorised persons or third party recipients”.
This amendment enables a levy under clause 75 to be imposed on authorised persons (as defined in clause 66) and third party recipients (as defined in clause 68), as well as on data holders (as defined in clause 65).
Amendment 167, page 99, line 34, leave out
“decision-makers or enforcers or by persons”
and insert
“a person listed in subsection (1A), or a person”.
This amendment and Amendment 169 provide that regulations under Part 3 may impose a levy on data holders for the purposes of meeting expenses incurred by interface bodies (see new clause NC27) and public authorities subject to requirements imposed under clause 68(2A) (see Amendment 116).
Amendment 168, page 99, line 35, after “behalf” insert
“, in performing duties, or exercising powers, imposed or conferred by regulations under this Part”.
This amendment is consequential on Amendment 167. It makes clear that a levy under Part 3 can only be imposed in connection with expenses incurred in the performance of duties, or the exercise of powers, imposed or conferred by regulations under that Part.
Amendment 169, page 99, line 37, at end insert—
“(1A) Those persons are—
(a) decision-makers;
(b) interface bodies;
(c) enforcers;
(d) public authorities subject to requirements imposed by regulations made in reliance on section 68(2A).”
See the explanatory statement for Amendment 167.
Amendment 170, page 99, line 39, leave out “decision-makers or enforcers” and insert “a person”.
This amendment is consequential on Amendments 167 and 169.
Amendment 171, page 99, line 42, leave out “decision-makers or enforcers” insert “person”.
This amendment is consequential on Amendments 167 and 169.
Amendment 172, page 100, line 1, leave out “body” and insert “authority”.
This amendment is consequential on Amendment 193.
Amendment 173, page 100, line 6, leave out “body” and insert “public authority”.—(Sir John Whittingdale.)
This amendment is consequential on Amendment 193

Clause 76 - Financial assistance

Amendments made: 174, page 100, line 15, leave out from “duties” to end of line 16 and insert
“, or exercising powers, imposed or conferred by regulations made under this Part or exercising other functions in connection with such regulations”.
This amendment adjusts the wording in clause 76(1) for consistency with similar wording in clauses 74(1) and 75(1).
Amendment 175, page 100, line 17, leave out subsection (2) and insert—
“(2) But subsection (1) does not enable financial assistance to be provided to a person listed in subsection (2A) or to a person acting on their behalf.
(2A) Those persons are—
(a) data holders,
(b) customers,
(c) authorised persons, or
(d) third party recipients, other than a third party recipient that is a public authority subject to requirements imposed by regulations made in reliance on section 68(2A).”—(Sir John Whittingdale.)
This amendment prevents the provision of financial assistance to people acting on behalf of certain persons. It also enables financial assistance to be provided to a public authority that is subject to requirements under clause 68(2A) (see Amendment 116).

Clause 78 - Regulations under this Part

Amendments made: 176, page 101, line 11, after “to” insert “standards,”.
This amendment makes clear that regulations under Part 3 may make provision by reference to published standards.
Amendment 177, page 101, line 14, at end insert
“, and make provision in connection with the procedure for exercising the functions;”.
This amendment makes clear that regulations under Part 3 may make provision about the procedure for exercising functions conferred by the regulations.
Amendment 178, page 101, line 16, at end insert—
“(1A) Regulations under this Part may not require or enable a person to make rules imposing requirements on a person, except as provided by sections (The FCA and financial services interfaces) to (The FCA and financial services interfaces: penalties and levies).”
This amendment makes clear that, subject to certain exceptions, regulations under Part 3 may not confer powers to make rules.
Amendment 179, page 101, line 16, at end insert—
“(1B) Regulations under this Part may not require or enable a person to set the maximum amount of a fine, except that such regulations may make provision about the maximum amount referring to the standard scale, the statutory maximum or a similar amount.
(1C) Regulations under this Part may not require or enable a person to set the amount or maximum amount of, or of an increase in, a penalty or fee or to set the method for determining such an amount, except as provided by subsection (1D) and sections (The FCA and financial services interfaces: supplementary) and (The FCA and financial services interfaces: penalties and levies).
(1D) Regulations under this Part—
(a) may make provision about the amount or method described in subsection (1C) referring to a published index, and
(b) may require or enable a person to make decisions, in accordance with a maximum amount or method set out in the regulations, about the amount of, or of an increase or reduction in, a penalty or fee payable in a particular case.”
This amendment makes clear that, subject to certain exceptions, amounts of fines, penalties and fees must be set out on the face of regulations under Part 3.
Amendment 180, page 101, line 18, leave out “or repeal” and insert “, repeal or revoke”.
This amendment and Amendment 185 are technical amendments. They make the power under clause 78(2) to make regulations modifying primary legislation consistent with the power under clause 114.
Amendment 181, page 101, line 27, leave out “and (2)” and insert “, (2) and (2A)”.
This amendment provides that the first regulations under new subsection (2A) of clause 68 making provision about a particular description of business data are subject to the affirmative resolution procedure. New subsection (2A) is inserted by amendment 116.
Amendment 182, page 101, line 30, at end insert “or interface bodies”.
This amendment provides that regulations under clause 66 or 68 which make requirements more onerous for interface bodies (see new clause NC27) are subject to the affirmative resolution procedure.
Amendment 183, page 101, line 31, after “70(4),” insert “(Interface bodies),”.
This amendment provides that regulations conferring monitoring powers on interface bodies (see new clause NC27) are subject to the affirmative resolution procedure.
Amendment 184, page 101, line 31, leave out “or 75” and insert
“, 75, (The FCA and financial services interfaces), (The FCA and financial services interfaces: penalties and levies) or (Liability in damages)”.
This amendment provides that regulations made under new clauses NC28, NC31 and NC31 are subject to the affirmative resolution procedure.
Amendment 185, page 101, line 32, leave out “or repeal” and insert “, repeal or revoke”.
See the explanatory statement for Amendment 180.
Amendment 186, page 101, line 38, at end insert
“or representatives of such persons”.
Clause 78(5) requires the Secretary of State and the Treasury, where they consider it appropriate, to consult certain persons before making regulations under Part 3 that are subject to the affirmative procedure. This amendment adds representatives of persons likely to be affected by the regulations to the list of persons to be consulted.
Amendment 187, page 102, line 4, leave out paragraph (e).—(Sir John Whittingdale.)
This amendment and Amendment 199 remove retained direct principal EU legislation from definitions of “primary legislation” in provisions about regulation-making powers, reflecting changes to the status of retained direct EU legislation made by the Retained EU Law (Revocation and Reform) Act 2023 (see section 9 and paragraph 13 of Schedule 3).

Clause 81 - Interpretation of this Part

Amendments made: 188, page 102, line 28, after “Part” insert
“(in addition to the terms defined in section 65)”.
Clause 81 lists terms defined for Part 3 of the Bill. This amendment adds a reference to terms defined for that Part in clause 65.
Amendment 189, page 102, leave out lines 29 and 30 and insert—
““application programming interface” means a facility for allowing software to make use of facilities contained in other software;”.
This amendment replaces the definition of “application programme interface”.
Amendment 190, page 102, leave out line 31.
This amendment removes the definition of “approved person” and is consequential on Amendment 118.
Amendment 191, page 103, line 7, at end insert—
““the FCA” has the meaning given by section (The FCA and financial services interfaces);
“FCA additional requirement” has the meaning given by section (The FCA and financial services interfaces);
“FCA interface rules” has the meaning given by section (The FCA and financial services interfaces);”.
This amendment inserts definitions of “the FCA”, “FCA additional requirements” and “FCA interface rules”, cross-referring to new clause NC28, which defines those terms to mean the Financial Conduct Authority and certain requirements imposed, and rules made, by that Authority.
Amendment 192, page 103, line 7, at end insert—
““interface arrangements” has the meaning given by section (Interface bodies);
“interface body” has the meaning given by section (Interface bodies);
“interface standards” has the meaning given by section (Interface bodies);”.
This amendment inserts into the interpretation clause for Part 3 definitions of terms introduced in new clause NC27.
Amendment 193, page 103, line 15, leave out “body” means a body or other” and insert “authority” means a”.
This amendment changes a definition of “public body” to a definition of “public authority”, to reflect the fact that the definition includes persons other than bodies.
Amendment 194, page 103, leave out lines 18 and 19.
This amendment removes an unnecessary qualification of the definition of “public body” relating to persons whose functions include, but are not limited to, functions of a public nature.
Amendment 195, page 103, line 24, at end insert
“, or in exercise of a power conferred by such regulations, except to the extent otherwise provided in this Part”.
This amendment amends the definition of “specified” to make clear that that term generally includes something specified in exercise of a power conferred by regulations under Part 3.
Amendment 196, page 103, line 25, leave out “68(1)(b)” and insert “68(1A)”.—(Sir John Whittingdale.)
This amendment is consequential on Amendments 114 and 115.

Clause 87 - Direct marketing for the purposes of democratic engagement

Amendment proposed: 218, page 110, line 1, leave out clause 87.—(Sir Chris Bryant.)
Question put, That the amendment be made.

The House divided: Ayes 194, Noes 275.
Question accordingly negatived.
Amendments made: 253, page 110, line 4, leave out paragraph (a) and insert—
“(a) falls within subsection (2), and”.
This amendment and Amendment 254 are consequential on the insertion of a new definition of “democratic engagement” by Amendment 256.
Amendment 254, page 110, leave out lines 6 and 7 and insert—
“(2) Communications activity falls within this subsection if—”.
See the explanatory statement for Amendment 253.
Amendment 255, page 110, line 13, leave out sub-paragraphs (i) and (ii) and insert—
“(i) by, or at the instigation of, a registered political party, and
(ii) for the purposes of the party’s election activities or democratic engagement activities,”.—(Sir John Whittingdale.)
This amendment clarifies the types of processing by a registered political party that fall within clause 87(2) (processing that may be the subject of an exception from a direct marketing provision in the PEC Regulations (defined in clause 82)). See also the definitions inserted by Amendments 256, 260 and 261.

Clause 88 - Meaning of expressions in section 87

Amendments made: 256, page 111, leave out line 7 and insert—
“(A1) For the purposes of section 87(2)(a) and (b)—
(a) “democratic engagement activities” means activities whose purpose is to support or promote democratic engagement;
(b) “democratic engagement” means engagement by the public, a section of the public or a particular person with, or with an aspect of, an electoral system or other democratic process in the United Kingdom, either generally or in connection with a particular matter, whether by participating in the system or process or engaging with it in another way;
(c) examples of democratic engagement activities include activities whose purpose is—
(i) to promote the registration of individuals as electors;
(ii) to increase the number of electors participating in elections for elected representatives, referendums or processes for recall petitions in which they are entitled to participate;
(iii) to support an elected representative or registered political party in discharging functions, or carrying on other activities, described in section section 87(2)(a) or (b);
(iv) to support a person to become a candidate for election as an elected representative;
(v) to support a campaign or campaigning referred to in section 87(2)(c), (d) or (e);
(vi) to raise funds to support activities whose purpose is described in sub-paragraphs (i) to (v);
(d) examples of activities that may be democratic engagement activities include—
(i) gathering opinions, whether by carrying out a survey or by other means;
(ii) communicating with electors.
(1) In section 87 and this section—”
This amendment clarifies the meaning of “democratic engagement activities” in clause 87, which confers power on the Secretary of State to create exceptions from direct marketing provisions in the PEC Regulations (defined in clause 82) for certain communications activities.
Amendment 257, page 111, leave out lines 18 and 19.
This amendment is consequential on Amendment 256.
Amendment 258, page 111, line 26, after “(4)” insert “and (4A)”.
This amendment is consequential on Amendment 264.
Amendment 259, page 111, line 26, leave out “and (5)”.
This amendment is consequential on Amendment 265.
Amendment 260, page 111, line 26, at end insert—
““election activities” , in relation to a registered political party, means—
(a) campaigning in connection with an election for an elected representative, and
(b) activities whose purpose is to enhance the standing of the party, or of a candidate standing for election in its name, with electors;
“elector” means a person who is entitled to vote in an election for an elected representative or in a referendum;”
This amendment inserts definitions of terms used in provision inserted by Amendments 255 and 256.
Amendment 261, page 111, line 33, at end insert—
““registered political party” means a person or organisation included in a register maintained under section 23 of the Political Parties, Elections and Referendums Act 2000;
“successful” , in relation to a recall petition, has the same meaning as in the Recall of MPs Act 2015 (see section 14 of that Act).”
This amendment inserts a definition of terms used in provision inserted by Amendments 255, 256 and 264.
Amendment 262, page 112, line 39, at end insert—

  

  “(ga)a mayor for the area of a combined county authority established under section 9 of the Levelling-up and Regeneration Act 2023
  section 118A of the Representation of the People Act 1983, as applied by the Combined Authorities (Mayoral Elections) Order 2017 (S.I. 2017/67)”

  

This amendment adds mayors for the area of a combined county authority established under section 9 of the Levelling-up and Regeneration Act 2023 to the list of elected representatives for the purposes of clause 87 (exceptions from direct marketing provisions under the PEC Regulations).
Amendment 263, page 113, line 31, leave out
“period of 30 days beginning with the day after the”.
This amendment decreases the period for which former MPs and members of the devolved legislatures continue to be treated as "elected representatives" for the purposes of clause 87 (exceptions from direct marketing provisions under the PEC Regulations) following a general election.
Amendment 264, page 113, line 32, at end insert—
“(4A) For the purposes of the definition of “elected representative” in subsection (1), where a member of the House of Commons’s seat becomes vacant as a result of a successful recall petition, that person is to be treated as if they were a member of the House of Commons until the end of the day on which the resulting by-election is held or, if earlier, the day on which the next general election in relation to Parliament is held.”
This amendment extends the period for which a member of the House of Commons who is the subject of a successful recall petition continues to be treated as an “elected representative” for the purposes of clause 87 (exceptions from direct marketing provisions under the PEC Regulations).
Amendment 265, page 113, line 33, leave out subsection (5).—(Sir John Whittingdale.)
This amendment removes the extension of the period for which former elected members of the Common Council of the City of London are treated as continuing to be “elected representatives” for the purposes of clause 87 (exceptions from direct marketing provisions under the PEC Regulations) following the annual Wardmotes.

Clause 98 - Disclosure of information to improve public service delivery to undertakings

Amendment made: 197, page 125, line 14, leave out
“the law in Scotland and”
and insert
“part of the law of Scotland or”.—(Sir John Whittingdale.)
This amendment makes a minor change, replacing a reference to section 35 of the Digital Economy Act 2017 forming the law in Scotland and Northern Ireland with a reference to that section forming part of the law of Scotland or Northern Ireland.

Clause 109 - Transfer of functions to the Information Commission

Amendment made: 198, page 131, line 37, leave out “retained direct EU” and insert “assimilated direct”.—(Sir John Whittingdale.)
This amendment replaces a reference to “retained direct EU legislation” in a definition of “enactment” with a reference to “assimilated direct legislation”, reflecting changes made by section 5 of the Retained EU Law (Revocation and Reform) Act 2023.

Clause 114 - Power to make consequential amendments

Amendment made: 199, page 137, line 29, leave out paragraph (e).—(Sir John Whittingdale.)
See the explanatory statement for Amendment 187.

Clause 118 - Extent

Amendment made: 200, page 138, line 35, at end insert—
“(aa) section (National Underground Asset Register) and Schedule (National Underground Asset Register: monetary penalties)(National Underground Asset Register);
(ab) sections (Pre-commencement consultation) and (Transfer of certain functions to Secretary of State) (other provisions in connection with National Underground Asset Register);”.—(Sir John Whittingdale.)
This amendment amends clause 118 of the Bill (extent) to provide that the new clauses inserted by amendments NC39, NC41 and NC42 and the new Schedule inserted by amendment NS2 extend to England and Wales only.

Clause 119 - Commencement

Amendments made: 201, page 139, line 7, at end insert—
“(za) section (Searches in response to data subjects’ requests) (searches in response to data subjects’ requests);”.
This amendment provides for new clause NC7 to come into force on Royal Assent.
Amendment 202, page 139, line 9, at end insert—
“(ba) section (Retention of biometric data and recordable offences) (retention of biometric data and recordable offences);”.
This amendment provides for new clause NC36 to come into force on Royal Assent.
Amendment 203, page 139, line 9, at end insert—
“(bb) section (Retention of pseudonymised biometric data) (retention of pseudonymised biometric data);”.
This amendment provides for new clause NC37 to come into force on Royal Assent.
Amendment 204, page 139, line 9, at end insert—
“(bc) section (Retention of biometric data from INTERPOL) (retention of biometric data from INTERPOL);”.
This amendment provides for new clause NC38 to come into force on Royal Assent.
Amendment 205, page 139, line 11, after “Act” insert
“(including provision modifying other legislation)”.
This amendment makes clear that the provisions brought into force by clause 119(2)(d) on the day on which the Bill is passed (regulation-making powers and associated provisions) include provisions inserted into other legislation by the Bill.
Amendment 206, page 139, line 19, at end insert—
“(ca) section (Notices from the Information Commissioner) (notices from the Information Commissioner);”.
This amendment provides for new clause NC8 to come into force  2 months after Royal Assent.
Amendment 207, page 139, line 20, at end insert—
“(da) section (Power to require information for social security purposes) and Schedule (Power to require information for social security purposes) (power to require information for social security purposes);”.—(Sir John Whittingdale.)
This amendment provides for new clause NC34 and new Schedule NS1 to come into force two months after Royal Assent.

New Schedule 1 - Power to require information for social security purposes

“Part 1 - Social security administration act 1992

1 The Social Security Administration Act 1992 is amended as follows.
2 In section 109B (power to require information), after subsection (6) insert—
“(6A) Nothing in this section limits the powers conferred on the Secretary of State by Schedule 3B.”
3 In section 111 (delay, obstruction etc of inspector), in subsection (1)(b), after “otherwise than” insert “under Schedule 3B or”.
4 In Part 7 (information), before section 121E (and the italic heading before it) insert—
“Account information
121DB Power to require account information
Schedule 3B makes provision about a power for the Secretary of State to obtain account information.”
5 In section 190 (Parliamentary control of orders and regulations), in subsection (1), omit the “or” after paragraph (ab) and after paragraph (b) insert “, or
(c) regulations under paragraph 1(1), 9(3)(a) or 12 of Schedule 3B,”
6 After Schedule 3A insert—

“Schedule 3B - Power of secretary of state to require account information

Part 1 - Power to require account information

Power to give account information notices
(1) The Secretary of State may give an account information notice to a person of a prescribed description requiring the person to provide information as set out in paragraph 2 in connection with accounts that the person administers or to which the person has access.
(2) The power may be exercised only for the purpose of assisting the Secretary of State in identifying cases which merit further consideration to establish whether relevant benefits are being paid or have been paid in accordance with the enactments and rules of law relating to those benefits.
Account information notices
2 (1) An account information notice is a notice requiring a person to give the Secretary of State—
(a) the names of the holders of accounts that the person identifies as being matching accounts in relation to a specified relevant benefit,
(b) other specified information relating to the holders of those accounts, and
(c) such further information in connection with those accounts as may be specified.
(2) An account information notice—
(a) may require information relating to a person who holds a matching account even if the person does not claim a relevant benefit;
(b) may not require information relating to any person who does not hold a matching account.
(3) “Matching accounts”, in relation to a specified relevant benefit, are accounts—
(a) linked to the receipt of that benefit, and
(b) in relation to which specified criteria relevant to that benefit, or specified criteria including such criteria, are met (for example, criteria about account balances or transactions outside the United Kingdom).
(4) Depending on the provision made by an account information notice, an account linked to the receipt of a relevant benefit may be a matching account if specified criteria are met in relation to a combination of accounts that includes that account.
(5) An account is to be regarded as linked to the receipt of a particular relevant benefit if it is—
(a) an account into which the benefit is (or is to be) paid,
(b) an account into which the benefit has been paid, or
(c) an account linked to an account within paragraph (a) or (b).
(6) An account is to be regarded as linked to another if the same person holds both accounts.
(7) An account information notice may not be framed in such a way as to require a person to interrogate historic data.
(8) Data is historic, in relation to a day when a person carries out a process to identify matching accounts, if it relates to a time before the beginning of the period of one year ending with that day.
(9) Information provided to the Secretary of State on a particular day in response to an account information notice must relate to accounts identified by means of a process carried out no more than seven days before that day.
(10) In this paragraph and paragraph 3 “specified” means—
(a) in the case of a relevant benefit, specified or denoted by a code in an account information notice;
(b) in every other case, specified or described in an account information notice.
Further provision about account information notices
3 (1) An account information notice may require the provision of documents, including the provision of a legible and intelligible copy of information recorded otherwise than in a legible form, and references in this Schedule to the provision of information are to be read accordingly.
(2) An account information notice may require information to be provided at specified intervals for a period not exceeding one year from the date of the notice.
(3) An account information notice other than one within sub-paragraph (2) must state the date by which or the period within which the information must be provided.
(4) An account information notice must give details about—
(a) rights of appeal, and
(b) the consequences of not complying with the notice.
(5) An account information notice may require information—
(a) to be compiled or collated in a specified manner;
(b) to be provided in a specified way (including by electronic transmission to a specified address or portal).
(6) The Secretary of State may vary or cancel an account information notice by notice to the person to whom it was given.
Restrictions on processing and data protection
(1) Except as provided by sub-paragraph (2), processing of information carried out in compliance with an account information notice does not breach—
(a) any obligation of confidence owed by the person processing the information, or
(b) any other restriction on the processing of information (however imposed).
(2) The power conferred by paragraph 1 does not authorise, and is not exercisable to require—
(a) processing of personal data that would contravene the data protection legislation (but in determining whether processing of personal data would do so, that power is to be taken into account);
(b) processing of information that is prohibited by any of Parts 1 to 7 or Chapter 1 of Part 9 of the Investigatory Powers Act 2016.
Use of information
5 (1) Information provided to the Secretary of State in response to an account information notice may be used by the Secretary of State only for the purposes of, or for any purposes connected with, the exercise of departmental functions.
(2) “Departmental functions” has the same meaning as in section 127 of the Welfare Reform Act 2012.

Part 2 - Code of practice

Code of practice
6 (1) The Secretary of State may issue a code of practice in connection with account information notices.
(2) Such a code may, in particular, include—
(a) provision about considerations relevant to—
(i) the exercise of powers conferred by Part 1;
(ii) the imposition of penalties under Part 3;
(b) provision designed to assist persons given account information notices in complying with such notices;
(c) provision about complaints in connection with such notices.
(3) If the Secretary of State decides to issue a code of practice, the Secretary of State must first prepare and publish a draft of the code of practice.
(4) If the Secretary of State considers it appropriate to proceed after considering any representations made concerning the draft and making any changes that the Secretary of State considers appropriate, the Secretary of State must—
(a) issue the code of practice, and
(b) lay it before Parliament.
(5) The code of practice comes into force on the day on which it is issued.
Code of practice: revisions
7 (1) The Secretary of State may from time to time revise and re-issue the code of practice.
(2) Sub-paragraphs (3) to (5) of paragraph 6 apply in relation to a re-issue of the code of practice as they apply in relation to the first code of practice.
(3) But sub-paragraphs (3) and (4) of paragraph 6 do not apply if the only changes to be made to the code of practice are—
(a) updates of references to legislation or documents which have become out of date, or
(b) other minor corrections.
(4) The Secretary of State may withdraw a code of practice.
Code of practice: further provision
8 (1) The Secretary of State must have regard to a code of practice that is for the time being in force under this Part in exercising, or deciding whether to exercise, any function to which the code of practice is relevant.
(2) A person’s failure to observe any provision of a code of practice does not of itself make the person liable to any legal proceedings.
(3) A code of practice is admissible in evidence in any legal proceedings.

Part 3 - Penalties

Penalties for failure to comply
9 (1) If the Secretary of State considers that a person who has been given an account information notice has failed to comply with it, the Secretary of State must give the person an opportunity to make representations about the failure.
(2) Sub-paragraph (3) applies if, having considered any representations that are made, the Secretary of State has reasonable grounds to believe that the person has failed to comply with the account information notice and had no reasonable excuse for the failure.
(3) The Secretary of State may give the person—
(a) a notice requiring the person to pay a penalty of a prescribed amount (a “fixed penalty”);
(b) a notice requiring the person to pay a penalty calculated by reference to a daily rate (a “daily rate penalty”);
(c) a notice requiring the person to pay a fixed penalty and a daily rate penalty.
(4) A notice under sub-paragraph (3) is referred to in this Schedule as a penalty notice.
(5) A penalty notice imposing a fixed penalty must state—
(a) the amount of the penalty, and
(b) the period within which it must be paid.
(6) A penalty notice imposing a daily rate penalty must—
(a) state the daily rate of the penalty,
(b) state the date from which the penalty will begin to be payable, which must not be earlier than the day after the last date on which an appeal against the penalty may be brought under paragraph 14, and
(c) state that the penalty will continue to be payable at the daily rate until the date on which the person complies with the account information notice or such earlier date as may be specified.
(7) A penalty notice must also include information as to—
(a) the failure to which the penalty relates,
(b) how payment may be made,
(c) rights of appeal, and
(d) the consequences of non-payment (including, in the case of a daily rate penalty, the potential for the penalty to be increased as described in paragraph 10).
(8) The Secretary of State may vary or cancel a penalty notice by notice to the person to whom it was given.
(9) The maximum amount of a fixed penalty that may be prescribed is £1,000.
(10) Subject to paragraph 10, the daily rate of a daily rate penalty is to be such rate as the Secretary of State considers appropriate but it must not exceed £40.
Increased daily rate penalties
10 (1) This paragraph applies if—
(a) a daily rate penalty is imposed on a person by a penalty notice, and
(b) the failure to which the penalty relates continues for more than 30 days beginning with the first date on which the daily rate penalty is payable.
(2) The Secretary of State may make an application to the Tribunal for an increased daily rate penalty to be payable by the person.
(3) The Tribunal may determine that an increased daily rate penalty should be payable, and in that case, must determine the increased daily rate and the date from which the increased penalty will begin to be payable.
(4) In deciding the increased daily rate, the Tribunal must, in particular, have regard to—
(a) the likely cost to the person of not complying with the account information notice,
(b) any benefits to the person of not complying with it, and
(c) any benefits to anyone else resulting from the person’s non-compliance.
(5) The Tribunal may not determine a daily rate that exceeds £1,000.
(6) The Secretary of State must notify the person of the Tribunal’s determination.
Recovery of penalties
11 (1) In England and Wales, a penalty is recoverable—
(a) if the county court so orders, as if it were payable under an order of that court;
(b) if the High Court so orders, as if it were payable under an order of that court.
(2) In Scotland, a penalty may be enforced in the same manner as an extract registered decree arbitral bearing a warrant for execution issued by the sheriff court of any sheriffdom in Scotland.
(3) In this paragraph “penalty” means a penalty imposed by a penalty notice.
Power to change maximum amount of penalties
12 Regulations may amend the amount for the time being specified in paragraph 9(9) or (10) or 10(5) to reflect a change in the value of money.

Part 4 - Appeals

Appeals against account information notices
13 (1) A person who is given an account information notice may appeal to the Tribunal against the notice, or any requirement of it, on any of the following grounds—
(a) the person is not a person to whom a notice may be given,
(b) a requirement of the notice is inconsistent with provision made by paragraph 2, or
(c) it is unduly onerous to comply with the notice or requirement.
(2) Notice of an appeal under sub-paragraph (1) must be given before the end of the period of 30 days beginning with the date on which the account information notice was given.
(3) On an appeal under sub-paragraph (1), the Tribunal may confirm, vary or quash the account information notice or a requirement of it, including by varying the period within which, or the frequency with which, information is to be provided.
(4) If an appeal is brought against an account information notice or any requirement of it, the notice or requirement (as the case may be) is of no effect until the appeal is determined or withdrawn, unless the Tribunal orders otherwise.
Appeals against penalty notices
14 (1) A person who is given a penalty notice may appeal to the Tribunal against—
(a) the notice,
(b) the amount of the penalty, or
(c) in the case of a daily rate penalty, the period during which the daily amounts are payable.
(2) But sub-paragraph (1)(b) does not give a right of appeal against the amount of an increased daily rate penalty determined by the Tribunal under paragraph 10.
(3) Notice of an appeal under sub-paragraph (1) must be given before the end of the period of 30 days beginning with the date on which the penalty notice was given.
(4) On an appeal under sub-paragraph (1), the Tribunal may—
(a) confirm or quash the decision to impose the penalty,
(b) confirm or vary the amount of the penalty,
(c) confirm or vary the period within which all or part of the penalty is to be paid.
(5) If an appeal is brought under sub-paragraph (1), the penalty which is the subject of the appeal is not payable until the appeal is determined or withdrawn.
Appeals: further provision
15 (1) If the Tribunal confirms or varies an account information notice or a penalty notice on an appeal under this Part, the person to whom the notice was given must comply with the notice—
(a) within such period as may be specified by the Tribunal, or
(b) if the Tribunal does not specify a period, within such period as may be specified by the Secretary of State and notified to the person.
(2) A decision by the Tribunal on an appeal under this Part is final (despite the provisions of sections 11 and 13 of the Tribunals, Courts and Enforcement Act 2007).

Part 5 - General provision and interpretation

Relevant benefits
16 In this Schedule “relevant benefit” means any of the following—
(a) a relevant social security benefit as defined in section 121DA(7);
(b) a child tax credit or working tax credit under the Tax Credits Act 2002;
(c) a payment, as mentioned in subsection (2)(d) of section 2 of the Employment and Training Act 1973, under arrangements made under that section.
Accounts
17 In this Schedule any reference to a person who holds an account includes a reference to—
(a) a person who holds an account jointly with one or more other persons, and
(b) a person who is a signatory, or one of the signatories, to an account,
and “holder” is to be construed accordingly.
General interpretation
18 In this Schedule—
“account” includes a financial product;
“account information notice” has the meaning given in paragraph 2;
“benefit” includes any allowance, payment, credit or loan;
“cryptoasset” means a cryptographically secured digital representation of value or contractual rights that—
(a) can be transferred, stored or traded electronically, and
(b) uses technology supporting the recording or storage of data (which may include distributed ledger technology);
“the data protection legislation” has the same meaning as in the Data Protection Act 2018 (see section 3(9) of that Act);
“document” means anything in which information (in whatever form) is recorded;
“financial product” includes a cryptoasset;
“notice” means notice in writing, and “notify” is to be read accordingly;
“penalty notice” is defined in paragraph 9(4);
“personal data” has the same meaning as in the Data Protection Act 2018 (see section 3(2) of that Act);
“processing” has the same meaning as in that Act (see section 3(4) of that Act);
“the Tribunal” means the First-tier Tribunal.
Relationship with other powers
19 Nothing in this Schedule limits the powers conferred on the Secretary of State by section 109B (power to require information).”

Part 2 - Social security administration (northern ireland) act 1992

7 The Social Security Administration (Northern Ireland) Act 1992 is amended as follows.
8 In section 103B (power to require information), after subsection (6) insert—
“(6A) Nothing in this section limits the powers conferred on the Department by Schedule 3B.”
9 In section 105 (delay, obstruction etc of inspector), in subsection (1)(b), after “otherwise than” insert “under Schedule 3B or”.
10 In Part 7 (information), before section 115D (and the italic heading before it) insert—
“Account information
115CB Power to require account information
Schedule 3B makes provision about a power for the Department to obtain account information.”
11 In section 166 (Assembly, etc. control of orders and regulations), after subsection (2)(b) insert—
“(c) to any regulations under paragraph 1(1), 9(3)(a) or 12 of Schedule 3B.”
12 After Schedule 3A insert—

“Schedule 3B - Power of department to require account information

Part 1 - Power to require account information

Power to give account information notices
(1) The Department may give an account information notice to a person of a prescribed description requiring the person to provide information as set out in paragraph 2 in connection with accounts that the person administers or to which the person has access.
(2) The power may be exercised only for the purpose of assisting the Department in identifying cases which merit further consideration to establish whether relevant benefits are being paid or have been paid in accordance with the statutory provisions and rules of law relating to those benefits.
Account information notices
2 (1) An account information notice is a notice requiring a person to give the Department—
(a) the names of the holders of accounts that the person identifies as being matching accounts in relation to a specified relevant benefit,
(b) other specified information relating to the holders of those accounts, and
(c) such further information in connection with those accounts as may be specified.
(2) An account information notice—
(a) may require information relating to a person who holds a matching account even if the person does not claim a relevant benefit;
(b) may not require information relating to any person who does not hold a matching account.
(3) “Matching accounts”, in relation to a specified relevant benefit, are accounts—
(a) linked to the receipt of that benefit, and
(b) in relation to which specified criteria relevant to that benefit, or specified criteria including such criteria, are met (for example, criteria about account balances or transactions outside the United Kingdom).
(4) Depending on the provision made by an account information notice, an account linked to the receipt of a relevant benefit may be a matching account if specified criteria are met in relation to a combination of accounts that includes that account.
(5) An account is to be regarded as linked to the receipt of a particular relevant benefit if it is—
(a) an account into which the benefit is (or is to be) paid,
(b) an account into which the benefit has been paid, or
(c) an account linked to an account within paragraph (a) or (b).
(6) An account is to be regarded as linked to another if the same person holds both accounts.
(7) An account information notice may not be framed in such a way as to require a person to interrogate historic data.
(8) Data is historic, in relation to a day when a person carries out a process to identify matching accounts, if it relates to a time before the beginning of the period of one year ending with that day.
(9) Information provided to the Department on a particular day in response to an account information notice must relate to accounts identified by means of a process carried out no more than seven days before that day.
(10) In this paragraph and paragraph 3 “specified” means—
(a) in the case of a relevant benefit, specified or denoted by a code in an account information notice;
(b) in every other case, specified or described in an account information notice.
Further provision about account information notices
3 (1) An account information notice may require the provision of documents, including the provision of a legible and intelligible copy of information recorded otherwise than in a legible form, and references in this Schedule to the provision of information are to be read accordingly.
(2) An account information notice may require information to be provided at specified intervals for a period not exceeding one year from the date of the notice.
(3) An account information notice other than one within sub-paragraph (2) must state the date by which or the period within which the information must be provided.
(4) An account information notice must give details about—
(a) rights of appeal, and
(b) the consequences of not complying with the notice.
(5) An account information notice may require information—
(a) to be compiled or collated in a specified manner;
(b) to be provided in a specified way (including by electronic transmission to a specified address or portal).
(6) The Department may vary or cancel an account information notice by notice to the person to whom it was given.
Restrictions on processing and data protection
(1) Except as provided by sub-paragraph (2), processing of information carried out in compliance with an account information notice does not breach—
(a) any obligation of confidence owed by the person processing the information, or
(b) any other restriction on the processing of information (however imposed).
(2) The power conferred by paragraph 1 does not authorise, and is not exercisable to require—
(a) processing of personal data that would contravene the data protection legislation (but in determining whether processing of personal data would do so, that power is to be taken into account);
(b) processing of information that is prohibited by any of Parts 1 to 7 or Chapter 1 of Part 9 of the Investigatory Powers Act 2016.
Use of information
5 (1) Information provided to the Department in response to an account information notice may be used by the Department only for the purposes of, or for any purposes connected with, the exercise of departmental functions.
(2) “Departmental functions” has the same meaning as in section 127 of the Welfare Reform Act 2012.

Part 2 - Code of practice

Code of practice
6 (1) The Department may issue a code of practice in connection with account information notices.
(2) Such a code may, in particular, include—
(a) provision about considerations relevant to—
(i) the exercise of powers conferred by Part 1;
(ii) the imposition of penalties under Part 3;
(b) provision designed to assist persons given account information notices in complying with such notices;
(c) provision about complaints in connection with such notices.
(3) If the Department decides to issue a code of practice, the Department must first prepare and publish a draft of the code of practice.
(4) If the Department considers it appropriate to proceed after considering any representations made concerning the draft and making any changes that the Department considers appropriate, the Department must—
(a) issue the code of practice, and
(b) lay it before the Assembly.
(5) The code of practice comes into force on the day on which it is issued.
Code of practice: revisions
7 (1) The Department may from time to time revise and re-issue the code of practice.
(2) Sub-paragraphs (3) to (5) of paragraph 6 apply in relation to a re-issue of the code of practice as they apply in relation to the first code of practice.
(3) But sub-paragraphs (3) and (4) of paragraph 6 do not apply if the only changes to be made to the code of practice are—
(a) updates of references to legislation or documents which have become out of date, or
(b) other minor corrections.
(4) The Department may withdraw a code of practice.
Code of practice: further provision
8 (1) The Department must have regard to a code of practice that is for the time being in force under this Part in exercising, or deciding whether to exercise, any function to which the code of practice is relevant.
(2) A person’s failure to observe any provision of a code of practice does not of itself make the person liable to any legal proceedings.
(3) A code of practice is admissible in evidence in any legal proceedings.

Part 3 - Penalties

Penalties for failure to comply
9 (1) If the Department considers that a person who has been given an account information notice has failed to comply with it, the Department must give the person an opportunity to make representations about the failure.
(2) Sub-paragraph (3) applies if, having considered any representations that are made, the Department has reasonable grounds to believe that the person has failed to comply with the account information notice and had no reasonable excuse for the failure.
(3) The Department may give the person—
(a) a notice requiring the person to pay a penalty of a prescribed amount (a “fixed penalty”);
(b) a notice requiring the person to pay a penalty calculated by reference to a daily rate (a “daily rate penalty”);
(c) a notice requiring the person to pay a fixed penalty and a daily rate penalty.
(4) A notice under sub-paragraph (3) is referred to in this Schedule as a penalty notice.
(5) A penalty notice imposing a fixed penalty must state—
(a) the amount of the penalty, and
(b) the period within which it must be paid.
(6) A penalty notice imposing a daily rate penalty must—
(a) state the daily rate of the penalty,
(b) state the date from which the penalty will begin to be payable, which must not be earlier than the day after the last date on which an appeal against the penalty may be brought under paragraph 14, and
(c) state that the penalty will continue to be payable at the daily rate until the date on which the person complies with the account information notice or such earlier date as may be specified.
(7) A penalty notice must also include information as to—
(a) the failure to which the penalty relates,
(b) how payment may be made,
(c) rights of appeal, and
(d) the consequences of non-payment (including, in the case of a daily rate penalty, the potential for the penalty to be increased as described in paragraph 10).
(8) The Department may vary or cancel a penalty notice by notice to the person to whom it was given.
(9) The maximum amount of a fixed penalty that may be prescribed is £1,000.
(10) Subject to paragraph 10, the daily rate of a daily rate penalty is to be such rate as the Department considers appropriate but it must not exceed £40.
Increased daily rate penalties
10 (1) This paragraph applies if—
(a) a daily rate penalty is imposed on a person by a penalty notice, and
(b) the failure to which the penalty relates continues for more than 30 days beginning with the first date on which the daily rate penalty is payable.
(2) The Department may make an application to the Tribunal for an increased daily rate penalty to be payable by the person.
(3) The Tribunal may determine that an increased daily rate penalty should be payable, and in that case, must determine the increased daily rate and the date from which the increased penalty will begin to be payable.
(4) In deciding the increased daily rate, the Tribunal must, in particular, have regard to—
(a) the likely cost to the person of not complying with the account information notice,
(b) any benefits to the person of not complying with it, and
(c) any benefits to anyone else resulting from the person’s non-compliance.
(5) The Tribunal may not determine a daily rate that exceeds £1,000.
(6) The Department must notify the person of the Tribunal’s determination.
Recovery of penalties
11 A penalty imposed by a penalty notice is recoverable—
(a) if a county court so orders, as if it were payable under an order of that court;
(b) if the High Court so orders, as if it were payable under an order of that Court.
Power to change maximum amount of penalties
12 Regulations may amend the amount for the time being specified in paragraph 9(9) or (10) or 10(5) to reflect a change in the value of money.

Part 4 - Appeals

Appeals against account information notices
13 (1) A person who is given an account information notice may appeal to the Tribunal against the notice, or any requirement of it, on any of the following grounds—
(a) the person is not a person to whom the notice may be given,
(b) a requirement of the notice is inconsistent with provision made by paragraph 2, or
(c) it is unduly onerous to comply with the notice or requirement.
(2) Notice of an appeal under sub-paragraph (1) must be given before the end of the period of 30 days beginning with the date on which the account information notice was given.
(3) On an appeal under sub-paragraph (1), the Tribunal may confirm, vary or quash the account information notice or a requirement of it, including by varying the period within which, or the frequency with which, information is to be provided.
(4) If an appeal is brought against an account information notice or any requirement of it, the notice or requirement (as the case may be) is of no effect until the appeal is determined or withdrawn, unless the Tribunal orders otherwise.
Appeals against penalty notices
14 (1) A person who is given a penalty notice may appeal to the Tribunal against—
(a) the notice,
(b) the amount of the penalty, or
(c) in the case of a daily rate penalty, the period during which the daily amounts are payable.
(2) But sub-paragraph (1)(b) does not give a right of appeal against the amount of an increased daily rate penalty determined by the Tribunal under paragraph 10.
(3) Notice of an appeal under sub-paragraph (1) must be given before the end of the period of 30 days beginning with the date on which the penalty notice was given.
(4) On an appeal under sub-paragraph (1), the Tribunal may—
(a) confirm or quash the decision to impose the penalty,
(b) confirm or vary the amount of the penalty,
(c) confirm or vary the period within which all or part of the penalty is to be paid.
(5) If an appeal is brought under sub-paragraph (1), the penalty which is the subject of the appeal is not payable until the appeal is determined or withdrawn.
Appeals: further provision
15 (1) If the Tribunal confirms or varies an account information notice or a penalty notice on an appeal under this Part, the person to whom the notice was given must comply with the notice—
(a) within such period as may be specified by the Tribunal, or
(b) if the Tribunal does not specify a period, within such period as may be specified by the Department and notified to the person.
(2) A decision by the Tribunal on an appeal under this Part is final (despite the provisions of sections 11 and 13 of the Tribunals, Courts and Enforcement Act 2007).

Part 5 - General provision and interpretation

Relevant benefits
16 In this Schedule “relevant benefit” means any of the following—
(a) a relevant social security benefit as defined in section 115CA(7);
(b) a child tax credit or working tax credit under the Tax Credits Act 2002;
(c) a payment, as mentioned in subsection (1A)(d) of section 1 of the Employment and Training Act (Northern Ireland) 1950, under arrangements made under that section.
Accounts
17 In this Schedule any reference to a person who holds an account includes a reference to—
(a) a person who holds an account jointly with one or more other persons, and
(b) a person who is a signatory, or one of the signatories, to an account,
and “holder” is to be construed accordingly.
General interpretation
18 In this Schedule—
“account” includes a financial product;
“account information notice” has the meaning given in paragraph 2;
“benefit” includes any allowance, payment, credit or loan;
“cryptoasset” means a cryptographically secured digital representation of value or contractual rights that—
(a) can be transferred, stored or traded electronically, and
(b) uses technology supporting the recording or storage of data (which may include distributed ledger technology);
“the data protection legislation” has the same meaning as in the Data Protection Act 2018 (see section 3(9) of that Act);
“document” means anything in which information (in whatever form) is recorded;
“financial product” includes a cryptoasset;
“notice” means notice in writing, and “notify” is to be read accordingly;
“penalty notice” is defined in paragraph 9(4);
“personal data” has the same meaning as in the Data Protection Act 2018 (see section 3(2) of that Act);
“processing” has the same meaning as in that Act (see section 3(4) of that Act);
“the Tribunal” means the First-tier Tribunal.
Relationship with other powers
19 Nothing in this Schedule limits the powers conferred on the Department by section 103B (power to require information).”

Part 3 - Proceeds of crime act 2002

13 (1) The Proceeds of Crime Act 2002 is amended as follows.
(2) In section 330 (failure to disclose: regulated sector), after subsection (7D) insert—
“(7E) Nor does a person commit an offence under this section if—
(a) the information or other matter mentioned in subsection (3) consists of or includes information that was obtained only in consequence of the carrying out of a process to identify matching accounts in response to an account information notice given to the person under paragraph 1 of Schedule 3B to the Social Security Administration Act 1992 or paragraph 1 of Schedule 3B to the Social Security Administration (Northern Ireland) Act 1992, and
(b) but for the information so obtained the person would not have reasonable grounds for knowing or suspecting that another person is engaged in money laundering.”
(3) In section 331 (failure to disclose: nominated officers in the regulated sector), after subsection (6B) insert—
“(6C) Nor does a person commit an offence under this section if—
(a) the information or other matter disclosed to the person under section 330 consists of or includes information that was obtained only in consequence of the carrying out of a process to identify matching accounts in response to an account information notice given to the person under paragraph 1 of Schedule 3B to the Social Security Administration Act 1992 or paragraph 1 of Schedule 3B to the Social Security Administration (Northern Ireland) Act 1992, and
(b) but for the information so obtained the person would not have reasonable grounds for knowing or suspecting that another person is engaged in money laundering.””—(Sir John Whittingdale.)
This new Schedule amends social security legislation to give the Secretary of State or, in Northern Ireland, the Department for Communities, a new power to give an information notice to certain bodies (to be specified in regulations) that administer accounts, requiring them to provide information about accounts in receipt of social security benefits (etc) which match criteria set out in the notice.
Brought up, and read the First and Second time.
Question put, That the schedule be added to the Bill.

The House divided: Ayes 274, Noes 52.
Question accordingly agreed to.
New schedule 1 read a Second time, and added to the Bill.
Proceedings interrupted (Programme Order, 17 April).
The Deputy Speaker put forthwith the Questions necessary for the disposal of the business to be concluded at that time (Standing Order No. 83E).

New Schedule 2 - National Underground Asset Register: monetary penalties

‘In the New Roads and Street Works Act 1991, after Schedule 5 insert—

“Schedule 5A - Monetary penalties in relation to requirements under Part 3a

Power to impose monetary penalties
1 (1) The Secretary of State may give a notice (a “penalty notice”) imposing a penalty on a person if satisfied on the balance of probabilities that the person—
(a) has failed to comply with a requirement imposed on the person to—
(i) pay a fee in accordance with regulations under section 106C(1), or
(ii) provide information in accordance with regulations under section 106D(1) or (2), or
(b) has, in purported compliance with a requirement imposed on the person under regulations under section 106D(1) or (2), provided information that is false or misleading in a material respect.
(2) The amount of a penalty imposed by a penalty notice must be such amount as is specified in, or determined in accordance with, regulations made by the Secretary of State.
(3) A penalty imposed by a penalty notice must be paid to the Secretary of State within such period as may be specified in the notice.
(4) The Secretary of State may not give more than one penalty notice to a person in respect of the same failure or conduct.
(5) Regulations under this paragraph are subject to the affirmative procedure.
Warning notices
2 (1) Where the Secretary of State proposes to give a penalty notice to a person the Secretary of State must give the person a notice (a “warning notice”) notifying the person of the Secretary of State’s proposal.
(2) A warning notice must—
(a) state the name and address of the person to whom the Secretary of State proposes to give a penalty notice;
(b) give reasons why the Secretary of State proposes to give the person a penalty notice;
(c) state the amount of the proposed penalty;
(d) specify the date before which the person may make written representations to the Secretary of State.
(3) The date specified under sub-paragraph (2)(d) must be a date falling at least 28 days after the day on which the warning notice is given.
Penalty notices
3 (1) Within the period of six months beginning with the day on which a warning notice is given to a person the Secretary of State must give to the person—
(a) a notice stating that the Secretary of State has decided not to give a penalty notice to the person, or
(b) a penalty notice.
(2) But the Secretary of State may not give a penalty notice to a person before the end of the period specified in the warning notice for making written representations.
(3) A penalty notice given to a person must—
(a) state the name and address of the person;
(b) give details of the warning notice given to the person;
(c) state whether or not the Secretary of State has received written representations in accordance with that notice;
(d) give reasons for the Secretary of State’s decision to impose a penalty on the person;
(e) state the amount of the penalty;
(f) give details of how the penalty may be paid;
(g) specify the date before which the penalty must be paid;
(h) give details about the person’s rights of appeal;
(i) give details about the consequences of non-payment.
(4) The date specified under sub-paragraph (3)(g) must be a date falling at least 28 days after the day on which the penalty notice is given.
(5) The Secretary of State may cancel a penalty notice by giving a notice to that effect to the person to whom the penalty notice is given.
(6) If a penalty notice is cancelled the Secretary of State—
(a) may not give a further penalty notice in relation to the failure or conduct to which the notice relates, and
(b) must repay any amount that has been paid in accordance with the notice.
Enforcement
4 If a person does not pay the whole or any part of a penalty which the person is liable to pay under this Schedule the penalty or part of the penalty is recoverable—
(a) if the county court so orders, as if it were payable under an order of that court;
(b) if the High Court so orders, as if it were payable under an order of that court.
Appeals
5 (1) A person who is given a penalty notice may appeal to the First-tier Tribunal (“the Tribunal”) against the decision to give the notice or any requirement of it.
(2) An appeal may be on the ground that the decision or requirement—
(a) is based on an error of fact,
(b) is wrong in law, or
(c) is unreasonable.
(3) But an appeal against the amount of a penalty may not be made on the ground mentioned in sub-paragraph (2)(c).
(4) An appeal under this paragraph must be made before the end of the period of 28 days beginning with the day on which the penalty notice is given.
(5) On an appeal the Tribunal may—
(a) confirm or quash the decision to give the penalty notice, or
(b) confirm or vary any requirement of it.
(6) In determining an appeal the Tribunal may—
(a) review any determination of fact on which the decision or requirement appealed against is based, and
(b) take into account evidence which was not available to the Secretary of State when giving the notice.
(7) Where an appeal in respect of a penalty notice is made under this paragraph the notice is of no effect until the appeal is determined or withdrawn.
(8) Where an appeal is or may be made to the Upper Tribunal in relation to a decision of the Tribunal under this paragraph, the Upper Tribunal may suspend the notice to which the appeal relates until the appeal is determined or withdrawn.
(9) If the Tribunal confirms or varies a decision or requirement appealed against under this paragraph, the person to whom the penalty notice is given must comply with the notice or the notice as varied (as the case may be)—
(a) within such period as may be specified by the Tribunal, or
(b) if the Tribunal does not specify a period, within such period as may be specified by the Secretary of State and notified to the person.”.’—(Sir John Whittingdale.)
This amendment inserts a new Schedule 5A into the New Roads and Street Works Act 1991 which makes provision about the imposition of monetary penalties in relation to requirements contained in new Part 3A of that Act (see Amendment NC39).
Brought up, and added to the Bill.

Schedule 1 - Lawfulness of processing: recognised legitimate interests

Amendments made: 266, page 141, line 23, leave out from “processing” to end and insert “falls within paragraph 10”.
This amendment and Amendment 267 are consequential on the insertion of a new definition of “democratic engagement” by Amendment 269.
Amendment 267, page 141, leave out lines 26 and 27 and insert—
“10. Processing falls within this paragraph if—”.
See the explanatory statement for Amendment 266.
Amendment 268, page 141, line 35, leave out from beginning to end of line 5 on page 142 and insert—
“(i) is carried out by a registered political party, and
(ii) is necessary for the purposes of the party’s election activities or democratic engagement activities,”.
This amendment clarifies the types of processing by a registered political party that fall within paragraph 10 of new Annex 1 to the UK GDPR (lawfulness of processing: recognised legitimate interests). See also the definitions inserted by Amendments 269, 273 and 274.
Amendment 269, page 142, line 19, at end insert—
“10A. For the purposes of paragraph 10(a) and (b)—
(a) “democratic engagement activities” means activities whose purpose is to support or promote democratic engagement;
(b) “democratic engagement” means engagement by the public, a section of the public or a particular person with, or with an aspect of, an electoral system or other democratic process in the United Kingdom, either generally or in connection with a particular matter, whether by participating in the system or process or engaging with it in another way;
(c) examples of democratic engagement activities include activities whose purpose is—
(i) to promote the registration of individuals as electors;
(ii) to increase the number of electors participating in elections for elected representatives, referendums or processes for recall petitions in which they are entitled to participate;
(iii) to support an elected representative or registered political party in discharging functions, or carrying on other activities, described in paragraph 10(a) or (b);
(iv) to support a person to become a candidate for election as an elected representative;
(v) to support a campaign or campaigning referred to in paragraph 10(c), (d) or (e);
(vi) to raise funds to support activities whose purpose is described in points (i) to (v);
(d) examples of activities that may be democratic engagement activities include—
(i) gathering opinions, whether by carrying out a survey or by other means;
(ii) communicating with electors.”
This amendment clarifies the meaning of “democratic engagement activities” in new Annex 1 to the UK GDPR (which describes circumstances in which processing of personal data meets the requirement for lawfulness under Article 6 of the UK GDPR).
Amendment 270, page 142, leave out line 20 and insert—
“11. In paragraphs 9 to 14—”.
This amendment is consequential on Amendments 269, 273 and 277.
Amendment 271, page 142, leave out lines 26 and 27.
This amendment is consequential on Amendment 269.
Amendment 272, page 142, line 29, after “13” insert “, 13A”.
This amendment is consequential on Amendment 277.
Amendment 273, page 142, line 29, at end insert—
““election activities” , in relation to a registered political party, means—
(a) campaigning in connection with an election for an elected representative, and
(b) activities whose purpose is to enhance the standing of the party, or of a candidate standing for election in its name, with electors;
“elector” means a person who is entitled to vote in an election for an elected representative or in a referendum;”.
This amendment inserts definitions of terms used in provision inserted by Amendments 268 and 269.
Amendment 274, page 142, line 36, at end insert—
““registered political party” means a person or organisation included in a register maintained under section 23 of the Political Parties, Elections and Referendums Act 2000;
“successful” , in relation to a recall petition, has the same meaning as in the Recall of MPs Act 2015 (see section 14 of that Act).”
This amendment inserts definitions of terms used in provision inserted by Amendments 268, 269 and 277.
Amendment 275, page 142, line 37, after “in” insert
“the definitions of “candidate” and “elected representative” in”.
This minor amendment inserts words specifying that the table in paragraph 12 of new Annex 1 to the UK GDPR is relevant for the purposes of certain definitions in paragraph 11 of that Annex.
Amendment 276, page 143, line 36, at end insert—

  

  “(ga) a mayor for the area of a combined county authority established under section 9 of the Levelling-up and Regeneration Act 2023
  section 118A of the Representation of the People Act 1983, as applied by the Combined Authorities (Mayoral Elections) Order 2017  (S.I. 2017/67)”.

  

This amendment adds mayors for the area of a combined county authority established under section 9 of the Levelling-up and Regeneration Act 2023 to the list of elected representatives in new Annex 1 to the UK GDPR (lawfulness of processing: recognised legitimate interests).
Amendment 277, page 144, line 30, at end insert—
“13A. For the purposes of the definition of “elected representative” in paragraph 11, where a member of the House of Commons’s seat becomes vacant as a result of a successful recall petition, that person is to be treated as if they were a member of the House of Commons until the end of the period of 30 days beginning with the day after—
(a) the day on which the resulting by-election is held, or
(b) if earlier, the day on which the next general election in relation to Parliament is held.”—(Sir John Whittingdale.)
This amendment extends the period for which a member of the House of Commons who is the subject of a successful recall petition is treated as an “elected representative” for the purposes of paragraphs of new Annex 1 to the UK GDPR (lawfulness of processing: recognised legitimate interests) relating to democratic engagement.

Schedule 2 - Purpose limitation: processing to be treated as compatible with original purpose

Amendments made: 208, page 145, line 20, at end insert—
“Disclosure for the purposes of archiving in the public interest
1A. This condition is met where—
(a) the processing—
(i) is necessary for the purposes of making a disclosure of personal data to another person (“R”) in response to a request from R, and
(ii) is carried out in accordance with Article 84B,
(b) the controller in relation to the processing collected the personal data based on Article 6(1)(a) (data subject’s consent),
(c) the request from R states that R intends to process the personal data only for the purposes of archiving in the public interest, and
(d) the controller reasonably believes that R will carry out that processing in accordance with generally recognised standards relevant to R’s archiving in the public interest.”
This amendment enables certain further processing of personal data, for the purposes of archiving in the public interest, where the original processing was based on consent of the data subject.
Amendment 209, page 146, line 29, leave out “carried out” and insert “necessary”.—(Sir John Whittingdale.)
This amendment amends a condition which, if met, results in processing of personal data for a new purpose being treated as compatible with the original purpose for which it was collected. It provides that, in order for processing to meet the condition, it must be necessary for the purpose described (assessment or collection of tax).

Schedule 4 - Obligations of controllers and processors: consequential amendments

Amendments made: 210, page 149, line 23, leave out paragraph 8 and insert—
“8 In Article 49 (derogations for specific authorities), for paragraph 6 substitute—
“6. The controller or processor must—
(a) maintain appropriate records of the assessment and safeguards referred to in the second subparagraph of paragraph 1, and
(b) make the records available to the Commissioner on request.””
This amendment maintains the duty to keep records of assessments made, and safeguards provided, in accordance with Article 49 of the UK GDPR, but removes the requirement to keep them as part of the general records of processing (see Article 30, which is to be replaced by new Article 30A inserted by clause 16).
Amendment 211, page 151, line 11, leave out paragraph 21 and insert—
“21 For paragraph 41 of Schedule 1 (additional safeguard for processing of special categories of personal data etc: record of processing) substitute—
“41 “(1) A controller must maintain appropriate records of processing of personal data carried out in reliance on a condition described in paragraph 38.
(2) The records must include the following information—
(a) which condition is relied on,
(b) how the processing satisfies Article 6 of the UK GDPR (lawfulness of processing), and
(c) whether the personal data is retained and erased in accordance with the policies described in paragraph 39(b) and, if it is not, the reasons for not following those policies.
(3) The controller must make the records available to the Commissioner on request.””—(Sir John Whittingdale.)
This amendment maintains the duty to keep records of processing in reliance on certain conditions in Schedule 1 to the Data Protection Act 2018, but removes the requirement to keep them as part of the general records of processing (see Article 30, which is to be replaced by new Article 30A inserted by clause 16).

Schedule 10 - Privacy and electronic communications: Commissioner’s enforcement powers

Amendment made: 212, page 181, line 12, leave out “141” and insert “141A”.—(Sir John Whittingdale.)
This amendment is consequential on Amendment NC8.

Title

Amendments made: 213, line 10, after “purposes;” insert
“to make provision for a power to obtain information for social security purposes;”.
This amendment is consequential on new clause NC34 and new Schedule NS1.
Amendment 214, line 10, after “purposes;” insert
“to make provision about the retention of information by providers of internet services in connection with investigations into child deaths;”.
This amendment is consequential on new clause NC35.
Amendment 215, line 11, after “deaths;” insert
“to make provision about the recording and sharing, and keeping of a register, of information relating to apparatus in streets;”.
This amendment is consequential on Amendments NC39, NC40 and NS2.
Amendment 216, line 13, after “about” insert “retention and”.—(Sir John Whittingdale.)
This amendment is consequential on new clauses NC36, NC37 and NC38.
Third Reading

John Whittingdale: I beg to move, That the Bill be now read the Third time.
This Bill will deliver tangible benefits to British consumers and businesses alike, which would not have been possible if Britain had still been a member of the European Union. It delivers a more flexible and less burdensome data protection regime that maintains high standards of privacy protection while promoting growth and boosting innovation. It does so with the support of the Information Commissioner, and without jeopardising the UK’s European Union data adequacy.
I would like to thank all Members who contributed during the passage of the Bill, and all those who have helped get it right. I now commend it to the House on its onward passage to the other place.

Roger Gale: I call the shadow Minister.

Chris Bryant: I, too, would like to thank the Clerks for their help. They are always enormously helpful, especially to Opposition Members, and sometimes to Government Members as well. I would like to commend my close friend, my hon. Friend the Member for Barnsley East (Stephanie Peacock), who took the Bill through Committee for our side. I think the Minister suggested that it was rather more fun having her up against him than me, which was very cruel and unkind of him.
We support the Bill, although I suspect that regulatory divergence is a bit of a chimera, and that regulatory convergence in this field will give UK businesses greater stability and certainty, but that is for another day. I also worry about the extensive powers that Ministers are giving themselves, and the suggestion that they will switch off the rules on direct marketing in the run-up to a general election. Then there is new schedule 1. I repeat the offer I have made several times, which is that we stand ready to knock that into far better shape, whether in meetings we have privately or through our colleagues in the House of Lords. I feel ashamed to say it, but I hope the Lords are able to do the line-by-line scrutiny that we have been prevented from doing today.

Roger Gale: I call the SNP spokesperson.

Patrick Grady: The Minister said that this Bill would not have been possible without Brexit. I think the expression he was looking for is that this Bill would not have been necessary if it had not been for Brexit. This is yet another example of the Government having to play catch-up and having to get themselves out of the holes they dug themselves into through an ill-thought-out Brexit and driving for the hardest possible exit from the European Union.
That said, I do want to echo the thanks given and the tributes paid to the Bill team, and to the Clerks, who have had to work particularly hard in recent days given the significant number of Government amendments tabled at the last minute. I also thank my hon. Friend the Member for Glasgow North West (Carol Monaghan) for her work on Second Reading and in Committee, as well as our research team, especially Josh Simmons-Upton and the many stakeholders who have provided briefings and research, particularly the team at the Public Law Project, who have done excellent work in drawing out some of the most concerning aspects of the Bill. It always concerned me when the briefings came in, entitled “PLP briefing”—I did a doubletake as I thought I was on somebody else’s mailing list.
Although some of what is in the Bill is necessary, particularly following the UK’s withdrawal from the European Union, much of it represents a further power grab by the Executive and risks doing exactly the opposite of what the Government say they want it to achieve: making life easier for business, and improving public confidence in data handling and the use of artificial intelligence.
The SNP will oppose the Bill, and the Government should take the opportunity to start from scratch with a process that listens to consultation responses and involves genuine and detailed parliamentary scrutiny. If the Bill proceeds to the Lords, it will once again fall to the unelected House to more fully interrogate it. That will no doubt lead to several rounds of ping-pong in due course, almost certainly as a result of amendments both from the Government and from the Opposition or Cross-Benchers in the Upper House. That is sub-optimal, as is the case with so much of what seems to happen down here these days. The sooner Scotland has power over this area, and indeed all aspects of legislation, as an independent country, the better.
Question put, That the Bill be now read the Third time.

The House divided: Ayes 269, Noes 31.
Question accordingly agreed to.
Bill read the Third time and passed.

Business without Debate

Delegated Legislation

Motion made, and Question put forthwith (Standing Order No. 118(6)),

Health Services

That the draft Health Care Services (Provider Selection Regime) Regulations 2023 which were laid before this House on 19 October, in the last session of Parliament, be approved.—(Scott Mann.)
Question agreed to.
Motion made, and Question put forthwith (Standing Order No. 118(6)),

Financial Services

That the draft Financial Services and Markets Act 2023 (Resolution of Central Counterparties: Partial Property Transfers and Safeguarding of Protected Arrangements) Regulations 2023, which were laid before this House on 16 October, in the last session of Parliament, be approved.—(Scott Mann.)
Question agreed to.
Motion made, and Question put forthwith (Standing Order No. 118(6)),

Financial Services

That the draft Resolution of Central Counterparties (Modified Application of Corporate Law and Consequential Amendments) Regulations 2023, which were laid before this House on 16 October, in the last session of Parliament, be approved.—(Scott Mann.)
Question agreed to.
Motion made, and Question put forthwith (Standing Order No. 118(6)),

Financial Services and Markets

That the draft Payment and Electronic Money Institution Insolvency (Amendment) Regulations 2023, which were laid before this House on 25 October, in the last session of Parliament, be approved.—(Scott Mann.)
Question agreed to.
Motion made, and Question put forthwith (Standing Order No. 118(6)),

Retained EU Law Reform

That the draft Plant Protection Products (Miscellaneous Amendments) Regulations 2023, which were laid before this House on 23 October, in the last session of Parliament, be approved.—(Scott Mann.)
Question agreed to.

Business of the House  (Private Members’ Bills)

Ordered,
That Private Members’ Bills shall have precedence over Government business on 19 January, 26 January, 2 February, 23 February, 1 March, 15 March, 22 March, 19 April, 26 April, 17 May, 7 June, 14 June and 21 June 2024.—(Penny Mordaunt.)

Petition - Ceasefire in Palestine

6.17 pm

Anne McLaughlin: In recent days, we have had a pause in the violence in Palestine. That pause has allowed some aid to get through, and some Israelis and some Palestinians to be released. Instead of people being bombed or shot, maimed or killed, they have been reunited with their families. Nobody could fail to be moved by the scenes of families crying with relief on our television screens, just as nobody could fail to be horrified by the killing of so many thousands of innocent people. My constituents want to see more of the former and no more of the latter. They want to see aid reaching everyone who needs it, and they want to see mothers and fathers on all sides getting their children back.
The petition states:
The petition of residents of the United Kingdom,
Declares that the only and quickest route to lasting peace in Palestine is for all sides to support and adhere to full ceasefire; condemns violence against people for simply being Israeli, equally condemns violence against people simply for being Palestinian; mourns the growing death toll of women, men and children and grieves for the thousands more traumatised by what they have witnessed and experienced.
The petitioners therefore request that the House of Commons urges the Government to add its voice to international calls for an immediate and permanent ceasefire so that aid can continue to reach Palestinians; bombed out homes, universities and hospitals in Palestine can be rebuilt and the process to finding last peace with a two state solution can begin.
And the petitioners remain, etc.
[P002882]

Refugee Family Reunion Routes: Sudan

Motion made, and Question proposed, That this House do now adjourn.—(Scott Mann.)

Stuart McDonald: I am grateful to have the opportunity to draw the House’s attention to the catastrophic situation in Sudan and to highlight the circumstances of the people in danger there, some of whom have family members recognised as refugees here in the United Kingdom. I hope to take this time to illustrate how the UK’s family reunion rules make it incredibly difficult for those individuals—most of them children—to join their family members here. Finally, I want to ask the Government to think again about how they apply the family reunion rules, given the horrendous circumstances that those individuals face, and to urge the Minister and his colleagues to think about a new approach to facilitate and support reunion with family members here rather than hindering it, as seems to be the case in too many instances.
I turn, first, to the circumstances in Sudan. What is unfolding there has been described by the United Nations as one of the
“worst humanitarian nightmares in recent history.”
Since fighting broke out between the Sudanese armed forces and the paramilitary Rapid Support Forces, more than 9,000 have been killed. Horrific reports of rape and sexual violence continue to emerge, and clashes are increasingly along ethnic lines, particularly in Darfur. Every hour children are killed, injured or abducted. Many hospitals have had to suspend operations; others have been bombed or turned into military bases.
Last month, the Minister for Africa said that the violence there bore
“all the hallmarks of ethnic cleansing”.
The fighting that commenced in mid-April has led to more than 1 million people fleeing Sudan altogether to neighbouring Chad, Egypt, Ethiopia, South Sudan and the Central African Republic. Meanwhile, more than 5 million have been forced from their homes, internally displaced within Sudan. Among those displaced are almost 1.5 million refugees and asylum seekers from other countries, who had already had to flee persecution in their home territories to Sudan, particularly Eritrean nationals. More than 6 million people are on the edge of famine, and more than 20 million face acute food insecurity. More than 4 million women and girls face the risk of gender-based violence, with limited or no access to protection services and support.
Against that background, I have had the pleasure of working with the Refugee and Migrant Forum of Essex and London—RAMFEL—which has a number of refugee clients here in the UK with family members stuck in Sudan who want to get here. Altogether, RAMFEL represents 14 individuals—a tiny sample of that country—who have been struggling to leave Sudan to join their family here. Seven months on from the start of the most recent conflict, only two have made it here so far. Of those two, one—a child—was successful only after an appeal. Of the 12 who have not yet made it here, all are children under 18. Ten are Eritrean, and two are Sudanese. Of those 12, eight are still in Sudan itself—children in a  war zone, facing extreme danger. The other four have made it to neighbouring countries but, as we will see, they are not out of danger yet.
To all reasonable observers, given the circumstances of those children, reunion with their family members in the United Kingdom must be appropriate and the right thing to do. Is it not precisely for such situations that we have family reunion policies at all? Family reunion would provide a safe legal route to the UK, allowing both the individuals here and those coming here to get on with rebuilding their lives. It would remove any temptation to seek assistance from people smugglers—breaking the business model, to borrow that expression. Most fundamentally, those children would be safe.

Jim Shannon: I commend the hon. Member for Cumbernauld, Kilsyth and Kirkintilloch East (Stuart C. McDonald) on securing this debate—that constituency is quite a mouthful, and I hope I pronounced it right. He is at the fore in addressing this issue. In Sudan, 4.3 million people have been displaced, and 1.1 million are living in five neighbouring countries. The British Red Cross has been instrumental in reuniting more than 10,000 displaced people and their families. It can offer support with visa applications if the individual is based in London, Liverpool, Preston or Plymouth, according to its website. Does he agree that it is important to have visa assistance hubs throughout the United Kingdom of Great Britain and Northern Ireland, with at least one for the devolved institutions in Northern Ireland.

Stuart McDonald: The hon. Gentleman makes perfect sense. Organisations such as the Red Cross and RAMFEL, which I have been working with on this topic, are fantastic. The more support we can give them and people across the United Kingdom, the better.
These are precisely the circumstances in which we should have refugee family reunion rules. I regret to report that, unfortunately, the rules and processes are making it harder for these people than it should be. In particular, while UK rules are pretty generous for spouses, partners and children—I acknowledge that—they are more restrictive for other categories of relative, including siblings. Most of the children I am talking about today have lost their parents, and it is an older sibling here in the UK that they are seeking to join.
Furthermore, the rules require enrolment of biometric information before an application will even be looked at. That means the children cannot even get over the starting line, because the visa application centre in Sudan, understandably, had to close after the outbreak of the conflict. If there is no way to safely provide biometric information, surely we should stop asking for it in advance?
I will set out precisely how the application of the family reunion rules and procedures has impacted on the children. I am using pseudonyms to protect the identity of individuals. Sixteen-year-old Adila fled to Sudan to escape persecution in Eritrea, including forced conscription into the army. As a lone 16-year-old girl in a war zone, she clearly faces significant risks. She has already been displaced from Khartoum to a city in eastern Sudan and is struggling severely with her mental health. She seeks family reunion with her older brother, who is a recognised refugee here in the UK. However, hers is one of a number of cases that cannot get off the  ground because the Home Office insists she attends a visa application centre to enrol biometric information. The centre in Sudan is closed, so that would mean having to make an irregular and dangerous journey to a neighbouring country to do it there.
I acknowledge that the Home Office does consider applications to defer enrolment of biometric information until the person either arrives at or is at least en route to the UK, so that the application can proceed. But even a cursory look at the relevant policy document shows that it is only in very few circumstances indeed where the Home Office allows that to happen. When 16-year-old Adila asked to defer enrolment, she was refused that application. The Home Office said she had not proved her identity with reasonable certainty and asserted that having crossed one border irregularly—fleeing Eritrea to get to Sudan—she could obviously manage to do so again.
I do not believe that that is a fair approach to take to a 16-year-old girl in Sudan. Allowance has to be made for the fact that Eritrean refugees in Sudan will almost certainly not be able to produce passports. A degree of latitude is therefore required. The idea that because someone fled over a border in fear of persecution, they can just be called on to make another dangerous and irregular journey is in itself a dangerous idea. It rides a coach and horses through the Home Office’s own policy. It would not be worth the paper it is written on. If an unaccompanied 16-year-old girl in a war zone cannot avail herself of the deferral policy, who on earth can?
Seven of the other individuals are in a similar situation. They cannot apply because they are in Sudan and there is no place to go to enrol their biometric information. Even among those who have made it out of Sudan, similar issues can arise. For example, Fatima, a 15-year-old Eritrean girl, had originally made a family application to join her brother in the UK just prior to the outbreak of the war in Sudan. She had got as far as booking an appointment at the visa application centre in Khartoum. That, of course, had to be cancelled when the centre closed after the outbreak of fighting. Fatima ended up trafficked from Khartoum to South Sudan some weeks after the outbreak of war, and was released only on the payment of a ransom. She clearly remains at severe risk of kidnapping, sexual exploitation and all other manners of harm. There is no visa application centre in South Sudan, but again the Home Office refused to defer biometric enrolment.
RAMFEL asked the Home Office if, as an alternative, mobile biometric enrolment could take place—someone would travel to South Sudan from a regional VAC to take the biometrics there. If required, RAMFEL would offer to pay, but even that reasonable offer was refused. I ask the question again: if those circumstances do not merit the deferral of biometric enrolment or other compromise action, what on earth does?

Patrick Grady: Is that not the problem with the hostile environment? There are no circumstances; they do not want people to come. It does not matter how dreadful the circumstances are that people are living in. It does not matter that this is the country where they have family members who can make them feel at home and welcome, and help them to start to overcome the trauma they have gone through. The Home Office does not want to know. Computer says no. The door is closed.

Stuart McDonald: “Computer says no” is pretty close to the bone. The Home Office has a policy on biometric enrolment, and it sticks rigidly to it even when dramatic circumstances such as those persisting in Sudan mean that a different approach should be taken.
The Home Office can take a different approach, and it has done so in certain circumstances. The Minister would not like it if I made a comparison with Ukraine, and I do not want to do so, but I simply point out that, in those incredible circumstances, the Home Office was able to take a different approach. I am not asking for anything remotely approaching what was done in that situation; I am just asking the Home Office to be a little more deft, a wee bit more responsive, and to think about the considerations that should apply for people applying from Sudan.

Anne McLaughlin: I am sure my hon. Friend is aware that there is a big Sudanese community in Glasgow, and I remember a meeting I had with a number of Sudanese people who made that very point about Ukraine. They said, “We want this country to look after Ukrainians. Of course, it has to look after them; they are going through a terrible war and they are being attacked—but so are our families. What is the difference?” Does my hon. Friend understand how important this debate will be to Sudanese people living in this country? At last, somebody is talking about their pain and cares enough to secure a debate in the House of Commons. I know they really appreciate everything he is trying to do.

Stuart McDonald: I am grateful to my hon. Friend for her remarks, but the tribute should be paid to RAMFEL and the other organisations out there that do amazing work on behalf of the Sudanese community.
There are people who would make a legitimate argument that there should be some sort of equivalence in the treatment of Ukraine and Sudan, but that is not the case I am making tonight. I am simply saying that the Home Office showed in the case of Ukraine that it was willing to apply different rules, or to apply the same rules differently. It was able to be nimble and to respond accordingly to a grave situation. This, too, is a grave situation and there should be some sort of flexibility in the response.
On this point, the solution is pretty obvious: we need a more generous set of exceptions to the rule that requires biometric information be provided in advance. I am not the only one saying that. The House of Lords Justice and Home Affairs Committee recently reported on family migration:
“The Home Office should exercise its discretion to lift or delay the requirement to submit biometrics when this would involve travelling in dangerous conditions or outside the applicant’s country of residence. The Home Office should allow biometrics to be completed on arrival in the UK for a wider range of nationalities in crisis situations.”
That seems to be the compassionate and common-sense thing to do. If the Minister is not willing to go as far as the Committee suggests, surely he must see that the application of the rules in the types of circumstances I have described is gravely unsettling and must be revisited in some form.
I turn next to rules in relation to siblings. Even those who ultimately are able to jump through the first administrative hoop are far from guaranteed success in  their family reunion application. Existing rules focus on family reunion for spouses and for children under 18. I have spoken in previous debates about various problems with what I regard as the overly restrictive category of relationships that can benefit from family reunion without further tests applying, but today I will focus on siblings.
Given the situation prevailing in Sudan and neighbouring countries, many children find themselves either orphaned or without any contact with their parents. For these kids, their siblings here in the UK are essentially their only remaining family. That said, if a 15-year-old seeks to join their 20-year-old brother here, they must first pay a fee and a health surcharge, unless they are granted a waiver, which adds an additional hurdle. Then, as well as proving their relationship, they must show that there are exceptional circumstances and that the refusal of their application would result in unjustifiably harsh consequences for the applicant.
Meeting those tests can be surprisingly difficult. It often seems that the general country situation, however hellish, will never be enough to make a person’s circumstances—even a child’s circumstances—exceptional enough to overcome that hurdle. A person seems to need to be able to show that their circumstances are exceptional, even compared with other individuals in that country—in that warzone. That is a hugely difficult prospect, likely requiring legal advice and lawyers, and it is difficult to obtain the necessary evidence.
Surely the Home Office can be more responsive to the situation on the ground in Sudan. At the very least, could we not have clear guidance that any child living unaccompanied in Sudan should be treated as meeting the necessary tests of exceptionality and harsh consequences, and therefore should, in principle, be allowed to be reunited with a UK-based sibling? Surely that is the bare minimum we can do.
As I said, even if those tests are overcome, the fact that siblings are not considered “core” family members for the purposes of the rules has other consequences. I turn to another case study. Two unaccompanied Eritrean children saw a household member killed. One of the kids was beaten up during the same raid. They submitted applications for family reunion in November 2022, some months before the most recent upsurge in fighting. The applications were originally refused, but an appeal was lodged and the Home Office eventually conceded it. That was welcome, but the Home Office is now insisting on payment of the immigration health surcharge, which, of course, the family simply cannot afford. Surely in such circumstances any fee or health surcharge should be waived.
Finally, I turn to processing times. If one of these kids is somehow in a position to jump through all the hoops I have described, surely the least we will offer is a speedy priority service. The service standard for family reunion applications is 12 weeks, but I am told that many applications take six months to a year. If an appeal is required in order to overturn a refusal—we have just heard about an example of that—the wait can be more than doubled. Family separation will always be painful, but for unaccompanied children in Sudan, and even in some of the neighbouring countries, it is also  seriously dangerous. Surely some sort of priority processing has to be given to cases where the applicant is directly in danger.
Another case study involves Wissam, who is 17, and Abdul, who is 14. They applied to join their older brother just before war broke out and had an appointment to enrol their biometrics in Khartoum. That could not happen, as the centre closed down. Struggling to access food and water, and at risk of kidnapping, trafficking or exploitation, the brothers were victims of robbery. Ultimately, they decided to flee again and make a dangerous, irregular journey to Uganda. They now live unaccompanied in cramped conditions and, because of their age and nationality, face regular discrimination in accessing sanitation, including clean water. The 14-year-old is struggling with mental health issues and suffering night terrors because of his experiences in Sudan and on the journey to Uganda. Surely we cannot leave those two brothers, who are now in a position to submit their application, to wait for months and perhaps years. Surely applications have to be given priority in those circumstances.
The Minister will no doubt tell us about the significant number of people who do arrive here in the UK under our family reunion arrangements. I acknowledge that fact and I welcome it. However, it would be totally wrong to say that the system is functioning well; various reports by the independent chief inspector of borders and immigration testify to that. Lots of improvements still have to be made. I am not asking for a revolution today, although perhaps I will pursue that further in the months to come. Today, I simply ask that the Home Office accepts that it has to be nimble, to respond and to tweak its rules and processes where circumstances require. The utterly dire circumstances in Sudan surely justify such a response.
In summary, I am asking the Home Office three things. First, I ask it to rethink the requirement for people trapped in Sudan—particularly children—to provide biometrics in advance at a visa application centre. Please look at alternatives, whether waiting until people’s arrival in the UK before requiring biometrics, or some other compromise that does not hold up the consideration of applications.
Secondly, I ask the Home Office, either by tweaking the rules or, perhaps more realistically, by issuing guidance for cases such as those I have described, to make it clear that, as a general rule, children from Sudan seeking to join siblings or other family members in the UK should be treated as meeting the “exceptional” test for the family reunion rules. I would like to think that that would be applied to siblings more generally, but for today’s purposes I make a special case for those seeking to leave Sudan. I also ask the Home Office not to make any such applications subject to fees and health surcharges.
Thirdly, I ask the Home Office to prioritise these applications, in recognition of the dangers that the people making them face. Do not leave them waiting for months. Finally, if possible, seek to work with international organisations and non-governmental organisations to help support safe passage from Sudan, as and when applications are allowed.
I close with a warning, because the danger is that if we do not facilitate their applications, these youngsters will end up seeking to make their own way to the UK, irregularly and dangerously. That brings me to the final  case I want to mention, which is that of 16-year-old Daoud, who fled Eritrea to Sudan. In the light of the situation there, he fled again, to South Sudan. With no progress on securing refugee family reunion from there, he took matters into his own hands and started making his way towards the Mediterranean. He is currently arbitrarily detained in Libya. Some might say he made his own choices, but I think we left him with no choice at all.
I do not want to have to come back here in a few months with another Adjournment debate on this subject and to have to provide similar—or even worse—updates on the other children I have mentioned in this debate. I know the Minister cannot make policy on the hoof, but I urge him to speak with officials, to rethink the Home Office strategy in relation to those who are suffering in Sudan, and to ensure that we are doing all we can to facilitate and support family reunion.

Robert Jenrick: I thank the hon. Member for Cumbernauld, Kilsyth and Kirkintilloch East (Stuart C. McDonald) for securing this Adjournment debate. We share his deep concern about the situation in Sudan and all those affected by it, including those seeking refugee status in the United Kingdom or other safe countries. The Government remain committed to upholding the principle of family reunion by providing a safe and legal route to bring families together through the refugee family reunion policy.
The family reunion route allows individuals with protection status in the UK to sponsor their partner or children to stay with or join them here, provided they formed part of a family unit before the sponsor fled their country of origin to seek protection. While we sympathise greatly with the situation in which many individuals in Sudan find themselves, we do not intend to prioritise refugee family reunion applications from those impacted by the Sudanese conflict, as there are many other individuals in the queue who will be facing broadly comparable situations elsewhere in the world. We want to treat all individuals facing such situations in the same manner and ensure that, where appropriate, they can be supported to a life in the UK in accordance with our rules.

Stuart McDonald: I would not necessarily say that people seeking to come here from Sudan because they are in danger there should be prioritised ahead of others who face similar risks elsewhere—a point that the Minister fairly makes—but does the Home Office make any consideration or assessment of risk at all? There are people who apply for refugee family reunion, quite rightly and fairly, who do not face any imminent risk because they are in a relatively safe third country. Surely the fact that people are facing real danger is an added reason to give priority to their family reunion applications. That should be something that the Department considers.

Robert Jenrick: The hon. Gentleman makes a valid point, which I am happy to take up with my officials. Our policy is one of non-discrimination, so individuals are treated equally, regardless of their country of origin. Obviously, there are a number of places in the world with great danger and we do not choose to rank them in order of priority. However, I can see some merit in what he is saying, so I am happy to give that consideration.
It is important to note that the UK has a very strong record of supporting refugees. Since 2015, we have resettled over half a million people seeking safety, which is among the most generous offerings in our country’s history. The UK ranks highly among other developed countries in that regard. We continue to welcome refugees through our existing global resettlement schemes, including the UK resettlement scheme itself, community sponsorship and the mandate resettlement scheme. Since 2015, we have issued 49,000 family reunion visas to family members of those with protection status, with over half of those visas for children. That figure demonstrates our commitment to refugee family reunion.
We have welcomed Sudanese nationals through both our UK resettlement scheme and the community sponsorship scheme in 2022 and 2023. Between 2015 and 2023, 6,500 Sudanese nationals have been granted visas under refugee family reunion. In the year to September 2023, 618 Sudanese nationals were granted visas under refugee family reunion. The UK is making a significant commitment, although of course the need is very great, as the hon. Gentleman says, due to the situation in Sudan.
We will continue to consider our approach to refugee family reunion in the round rather than on a crisis-by-crisis basis. The UK has no plan at the moment to introduce a designated resettlement scheme for Sudanese refugees. As a general rule, it is important that the UK does not treat migration as the first lever that we pull to try to help people in grave situations in the world.
Generally speaking, the greatest impact that the UK can make, whether that is in Sudan or in other crisis situations, is by using our full diplomatic muscle and our development aid to support people in the region, which is, in fact, the place where the majority of refugees find themselves. Indeed, that happens with respect to the Sudanese situation, where hundreds of thousands of individuals are being supported by the United Nations High Commissioner for Refugees and other organisations in the immediate environs of Sudan. The UK is proud to be supporting those efforts to help those individuals.
I wish to turn more specifically to some of the very valid questions that the hon. Gentleman raised. First, he raised the question of those fleeing conflict zones who find it difficult to provide documents for family reunion purposes. We recognise that this is a challenge for those fleeing their homes and their home countries. Although the onus is on the applicant to show that the relationship is genuine, there are no specific requirements to provide certain types of evidence. We recognise that documentary evidence may not always be available, particularly in countries where there is no functioning administrative authority to issue a passport, a marriage certificate, or a birth certificate. Decision makers should take into consideration evidence from a range of sources, including information provided by their UK family sponsor. Each decision is considered on the balance of probabilities to identify whether there is sufficient evidence to prove that the individuals are related as claimed.
It is important to prevent abuse of the refugee family reunion policy and to safeguard applicants by carefully reviewing their applications where fraudulent documents are submitted, or where there is evidence that the sponsor obtained leave by deception.
With more specific regard to the situation in Sudan, the hon. Gentleman is right to say that the visa application centre in Khartoum is closed until further notice. As a result, any passports remaining there are having to be held in secure storage. We are committed to doing everything we can to support people who find themselves affected by that closure and to reopen the centre as soon as it is safe to do so for our staff and their contractors. There are other visa application centres in the wider vicinity of Sudan. I appreciate that the distances are long, and that the journeys can be arduous and, at times, unsafe. We do have visa centres in Cairo and Jeddah, and many people have made use of those in the time since the crisis began.

Stuart McDonald: Even among the cases that I spoke about, one or two individuals had made it into a neighbouring country—unfortunately one had made it to South Sudan where there is also not a visa application centre—but surely, particularly in the case of children, it is too much to ask them to make a dangerous journey such as that to supply biometric information. There should be some sort of presumption against the need to provide biometric information, or at least a willingness to consider deferring it before the Home Office even looks at the application.

Robert Jenrick: In most cases, unfortunately, individuals will have to make a journey to leave Sudan, as it is very unlikely that they will fly directly from Sudan. Most of the cases that I have been made aware of as Immigration Minister are of individuals who have made the journey to Cairo or to Jeddah or other neighbouring countries.

Stuart McDonald: rose—

Robert Jenrick: Before I give way to the hon. Gentleman, I will reply directly on the biometrics point, which is an important question. Fundamentally, we believe that biometrics are extremely important, because we want to protect the UK’s national security and the safety of our citizens here. Although, of course, we all want to see the best in individuals coming here, particularly in young people and children, there are individuals whom we would not want to enter the United Kingdom. As such, biometrics, in the form of facial image and fingerprints, underpin our immigration system. However, we make exceptions for individuals who find themselves in the most difficult situations.
We published guidance in May 2023, which sets out our approach to handling applicants who claim that it is unsafe to travel from Sudan to a visa application centre in another country to enrol their biometrics—he referred to that situation in his speech. The guidance sets out the circumstances under which UK Visas and Immigration will either predetermine an application or defer the requirement to enrol biometric information until the applicant arrives in the UK, when the applicant has demonstrated their circumstances to be exceptional. In most cases, we require biometrics to be taken as part of the application so that we can conduct the checks on a person’s identity and suitability to come to the UK. It is ultimately the responsibility of the applicant to satisfy the decision maker about their identity.
I hope that the hon. Gentleman can take some comfort from the fact that the guidance gives that flexibility. I hear that he feels that it is being applied too onerously and in a way that is insufficiently sensitive to the situation in Sudan. I am happy to take that away, speak to my officials and, if he has further examples, to put those in front of them so that we can make sure that the guidance is being applied fairly.

Stuart McDonald: I am grateful that the Minister is open to having a discussion about this issue. He is right that, ultimately, all these kids will probably have to leave for a neighbouring country for onward travel. However, it is one thing to ask them to leave in the certainty that they will be allowed into the United Kingdom; it is another to ask them to leave and provide biometric information on the off-chance that they might be allowed in at some future point.
One compromise might be to consider the family reunion application without the biometric information; if it is granted, then tell them to come to a neighbouring country and provide the biometric information there. Will the Minister take that away and think about it?

Robert Jenrick: I will be happy to look into that and come back to the hon. Gentleman. We both agree that biometrics are important. We want to ensure that they are compromised only in the most exceptional circumstances so that we can protect national security, but it is important that we show a degree of discretion when people—young people, in particular—find themselves in the hardest of situations. I will be happy to look into the issue and write to him.
The hon. Gentleman also mentioned processing time for family reunion applications, and I want to address that directly. In general, UKVI is operating well and is meeting its service standards in all, or almost all, visa categories, but there are delays with respect to family reunion—a point that he and other Members have raised in the past. We acknowledge the need to dedicate more resource to support the safe and legal routes and are reviewing processes to streamline decision making to make it more efficient for applicants.
We recognise that the family members of those with protection status in the UK are particularly vulnerable. When the out-of-country decision making team receives a request for prioritisation from an applicant or their representative, that will be assessed to determine whether the application should be prioritised. As I said in answer to the hon. Gentleman’s previous comment, we do not prioritise in a blanket way because of nationality, but we do give priority to cases involving particularly vulnerable individuals.
Examples of grounds for prioritisation may include applicants or sponsors who have serious medical conditions or terminal illnesses. The list of grounds for prioritisation is non-exhaustive; managers undertake a holistic consideration of the applicant’s circumstances when considering a request for prioritisation. The hon. Gentleman also asked about the cost of refugee family reunion. It is free—no fee it levied, although he did raise some of the allied costs that go with it. We make sure that the route is free for obvious reasons.
The hon. Gentleman also asked about child sponsors. The family reunion policy is intended to allow those granted protection status in the UK to sponsor, pre-flight,  immediate family members to join them here. We must avoid creating an incentive for people, particularly children, to leave their families and risk very dangerous journeys, hoping that relatives will be able to join them later. We do, unfortunately, come across examples of that, including through the small boats route, which is among the most perilous of journeys that a child could make.
There are other provisions in the immigration rules that cater for extended family members and, where a valid application does not meet the criteria within our rules, including child sponsors, we consider whether there are compelling compassionate factors that warrant a granting outside the rules. We believe that were children allowed to sponsor parents, that would create a real risk of an incentive for more children to be encouraged, or even forced, to leave their family and risk very hazardous journeys to the UK. That plays into the hands of criminal gangs that exploit vulnerable people, and goes against all our safeguarding responsibilities and instincts. Our policy is not designed to keep child refugees apart from their parents, but in considering any policy we have to think carefully about the wider impact to avoid putting more people unnecessarily into harm’s way.
Finally, I will answer the broader question about refugee resettlement. We have a proud record as a country, having offered half a million people a safe and legal route into the UK. We understand that the scale of disruption and situations around the world mean that so many people find themselves in grave need. Our approach has to be considered very carefully, but we want to continue to work with international organisations, such as the ones that the hon. Member referenced. We  have a good relationship with the United Nations High Commissioner for Refugees through our global resettlement scheme, and earlier in the year, through the Illegal Migration Act 2023, we legislated so that we can introduce further schemes in the future.
I recently launched a consultation in which we asked every local authority in the whole of the United Kingdom to give us their capacity to take refugees on such schemes over the course of the year to come. That consultation is open and I encourage the hon. Member to talk to his local authority and see whether it is taking part in it. We will carefully consider the responses, and if they suggest that there is further capacity across the UK, that will lead us either to extend existing schemes or to create new ones so that the UK can play an even greater and more generous role in the years ahead in helping more people from places such as Sudan to come to the UK.
I thank the hon. Member for securing the debate, and all our colleagues tonight who have listened or contributed. I fully understand the interest in the subject, given the great concern that everyone feels about the situation in Sudan. I hope that I have set out our record and the work that we are doing, and given him some assurances that he and I can work closely together to learn from his experiences, and his evident sincere concern about the issue, to ensure that the scheme is operating as well as it can.
Question put and agreed to.
House adjourned.

Deferred Division

Strikes: Minimum Service Levels

That the draft Strikes (Minimum Service Levels: NHS Ambulance Services and the NHS Patient Transport Service) Regulations 2023, which were laid before this House on 7 November, be approved.

The House divided: Ayes 297, Noes 166.
Question accordingly agreed to.